Hi Frank....

> in the appended code you see that i get the information from (child)
> task->comm
>
> where is the right command saved ?

I never tried it myself, but looking at the kernel source, especially fs/proc/base.c (btw, I am checking it on 2.4.20), you can see that /proc/<pid>/cmdline is retrieved by using the proc_pid_cmdline() function. It seems to access the target process' stack to get the executable name along with the parameters....

Another possibility is using task_name() (declared in fs/proc/array.c). This function is used when you "cat" /proc/<pid>/status (for the "Name" part). I don't know if it really differs from simply using printk("%s\n",task->comm), but it is worth checking IMHO.

> if ((ret = register_kretprobe(&my_kretprobe)) < 0) {
> printk("register_kretprobe failed, returned %d\n",
> ret); return -1;

Just for confirmation, does that mean you're planting the kprobe's hook on the return (ret) of do_fork()? If yes, I think you are already doing the whole thing correctly; it is just a matter of interpreting task->comm only.

regards

Mulyadi

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
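The two sources named in the reply can be compared from user space. This is an added example, not code from the thread: the "Name" line of /proc/<pid>/status carries task->comm, which holds at most 15 characters, while /proc/<pid>/cmdline carries the full NUL-separated argument list. The sample data is constructed and the helper names status_name() and cmdline_join() are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data (not captured from a real system). */
static const char SAMPLE_STATUS[] = "Name:\tmy_long_daemon_\nState:\tS (sleeping)\nPid:\t4242\n";
static const char SAMPLE_CMDLINE[] = "/usr/sbin/my_long_daemon_name\0--config\0/etc/d.conf";

/* Copy the "Name:" field (task->comm) of a status text into out (outlen >= 1).
 * Returns 0 on success, -1 if no such line exists. */
int status_name(const char *status, char *out, size_t outlen)
{
    for (const char *p = status; *p; p += (*p == '\n')) {
        if (strncmp(p, "Name:", 5) == 0) {
            p += 5;
            while (*p == ' ' || *p == '\t') p++;
            size_t n = strcspn(p, "\n");
            if (n >= outlen) n = outlen - 1;
            memcpy(out, p, n);
            out[n] = '\0';
            return 0;
        }
        p += strcspn(p, "\n");   /* skip to the end of this line */
    }
    return -1;
}

/* Join the NUL-separated argv block of a cmdline buffer with spaces
 * (outlen >= 1). Returns the number of arguments found. */
int cmdline_join(const char *buf, size_t len, char *out, size_t outlen)
{
    size_t o = 0;
    int argc = 0;
    for (size_t i = 0; i < len && o + 1 < outlen; i++) {
        if (buf[i] != '\0') { out[o++] = buf[i]; continue; }
        argc++;                          /* a NUL ends one argument */
        if (i + 1 < len) out[o++] = ' ';
    }
    out[o] = '\0';
    return argc;
}

int main(void)
{
    char name[32], args[128];
    if (status_name(SAMPLE_STATUS, name, sizeof name) == 0)
        printf("comm:    %s\n", name);
    int n = cmdline_join(SAMPLE_CMDLINE, sizeof SAMPLE_CMDLINE, args, sizeof args);
    printf("cmdline: %s (%d args)\n", args, n);
    return 0;
}
```

At the return of do_fork() the child has not yet called exec, so its comm is still a copy of the parent's.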