Return to BSD News archive
Xref: sserve comp.os.386bsd.development:2796 comp.unix.bsd:15512 Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!werple.apana.org.au!otis.apana.org.au!serval.net.wsu.edu!netnews.nwnet.net!oracle.pnl.gov!osi-east2.es.net!cronkite.nersc.gov!dancer.ca.sandia.gov!overload.lbl.gov!lll-winken.llnl.gov!uwm.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!pipex!sunic!seunet!news2.swip.net!ski.se!lgt From: lgt@ski.se (Lars-Gunnar Taube) Newsgroups: comp.os.386bsd.development,comp.unix.bsd Subject: Re: How to find the filename of the binary executable... Date: 8 Dec 94 09:22:48 GMT Organization: Swedish Nuclear Power Inspectorate, Stockholm Lines: 39 Message-ID: <lgt.786878568@ski.se> References: <3c35e2$6sv@shore.shore.net> NNTP-Posting-Host: pluto.ski.se witr@rwwa.com (Robert Withrow) writes: >Can someone tell me how to find the filename of the *binary* >file being executed (on, say, FreeBSD 1.1.5.1, or sunos.recent)? >P.S.: if your answer is argv[0], you don't understand the >question... Right. I once asked myself almost the same question: "How can I, given a PID, find out which executable file the process is executing code from?" With "executable file" I mean a (filesystem,inode) pair. The OS/etc. in question was BSD4.2 on a VAX-11/750, but the same method should at least partially apply since SunOS 4.whatever is derived from BSD. I dug up the src to ps(1) (or was it sps?) and snooped around a bit trying to understand the structures in the kernel. The structures involved were struct user and struct proc (as I remember, it was 7 years ago). After I had gained some understanding, I put together a program that did what I wanted, returned a (fs,inode) pair. Of course, then I had to get at the actual filename(s), so I used find(1). N.B. The snooping in kmem of course requires root (or group kmem) privs. Hopefully this will be of some help. -- Lars-Gunnar Taube init ab Box 49102 S-100 28 STOCKHOLM SWEDEN ------------> lgt@init.se