Thread: Issue with reading /proc/<PID>/status

Originally Posted by christop

There's also /proc/<PID>/exename if you only want the executable name:

Code:

$ cat /proc/self/exename
/usr/bin/bash

I think you'll have a problem finding the length of any file under /proc because their contents are generated on the fly by the kernel.

I would follow laserlight's advice of reading the file line by line and parsing it as you go (though with exename the contents is only the name of the executable, so there's no parsing involved). If you still want to parse /proc/<PID>/status, it's pretty easy to limit how many characters are read with scanf:

Code:

char buf[1000];
fgets(buf, sizeof buf, file);
sscanf(buf, "%100[^:]:%*[\t]%100[^\n]", key, value);

(Not tested.)

That will read a whole line and then limit the key (e.g., "Name") and value (e.g., "cat") to 100 characters each. It also properly handles spaces inside the executable name too, if the name happens to include spaces. (It assumes the key doesn't contain spaces, which is true for /proc/<PID>/status.)

(Of course, you'll need to check to see if fgets() read a complete line (if the file contains line longer than the buffer, then fgets() won't read the whole line). If the string doesn't end in a newline character, then the line in the file was too long. You'll have to decide how best to handle that situation.)

Took me a few tries but I got that one to work for me which is good enough, here's the snippet:

Code:

space = &(glance->space);
	key = &(glance->key);
	val = &(glance->val);
	memset( space->block, 0, space->given );
	memset( key->block, 0, key->given );
	memset( val->block, 0, val->given );
	if ( !more_space( err, space, BUFSIZ ) ) {
		fclose(file);
		proc_glance_shut( glance );
		return NULL;
	}
	while ( 1 ) {
		if ( !fgets(space->block, space->given, file) ) {
			fclose(file);
			proc_glance_shut( glance );
			return NULL;
		} 
		if ( strstr( space->block, "\n" ) ||
			strlen(space->block) < space->given - 1 )
			break;
		if ( !more_space( err, space, space->given += BUFSIZ ) ) {
			fclose(file);
			proc_glance_shut( glance );
			return NULL;
		}
		fseek( file, 0, SEEK_SET );
	}
	if ( !more_space( err, key, space->given ) ) {
		fclose(file);
		proc_glance_shut( glance );
		return NULL;
	}
	if ( !more_space( err, val, space->given ) ) {
		fclose(file);
		proc_glance_shut( glance );
		return NULL;
	}
	(void)sscanf( space->block, "%s%*[\t]%s[^\n]",
		(char*)(key->block), (char*)(val->block) );
	notice->name = val->block;
	notice->name_size = val->given;

Now I just gotta resolve an issue with filtering then find out how to get the parent id before I can move onto the main part of my little project (assuming I can resolve my GUI issues, consulting the moon libs developer about that atm)

Originally Posted by awsdert

Took me a few tries but I got that one to work for me which is good enough, here's the snippet:

Why is your sscanf format string different to what christop wrote? I'd prefer "%[^:]:%*[\t]%[^\n]" because yours won't handle process names that have a space in them (it discards the value if there is more than one value for the key as well (e.g. Uid and any of the lines with kB on the end). I guess it doesn't make a difference if you're not using the "value" though, but the Name can have a space in it; e.g.

Code:

$ cat status | grep Name
Name:   tmux: client

There's lots of examples where there is a space in the name.

It seems odd, to me, that if you're concerned about speed, you're reading all that junk as well instead of using <pid>/stat... surely having a few reallocs is faster than reading a whole lot of data that you won't use (?)

Originally Posted by Hodor

Why is your sscanf format string different to what christop wrote? I'd prefer "%[^:]:%*[\t]%[^\n]" because yours won't handle process names that have a space in them (it discards the value if there is more than one value for the key as well (e.g. Uid and any of the lines with kB on the end). I guess it doesn't make a difference if you're not using the "value" though, but the Name can have a space in it; e.g.

Code:

$ cat status | grep Name
Name:   tmux: client

There's lots of examples where there is a space in the name.

It seems odd, to me, that if you're concerned about speed, you're reading all that junk as well instead of using <pid>/stat... surely having a few reallocs is faster than reading a whole lot of data that you won't use (?)

Pid stat gave me junk so I just switched back to pid status, haven't looked indepth at the format specifier, as I said I had to try a few times before I got anything out of it, although I didn't actually remember it was in pid stat until last round of trying

About to try on stat again but with just %s, for now however I'll post the results from status using what I already had, if you see a problem then please point it out:

Code:

make --no-print-directory
Already up to date.
Already up to date.
Already up to date.
Already up to date.
clang  -I cloned/lua -I cloned/moonnuklear -I cloned/moonglfw -I cloned/moongl -fPIC -Wall -std=c99 -D _GNU_SOURCE -D LINUX -D LUA_USE_LINUX -D LUA_USE_READLINE -DLUAVER=5.3 -o gasp.c.o -c gasp.c
clang -fPIC -ldl -lm -llua -o gasp.elf gasp.c.o
./gasp.elf
Opening backend...
Loading moongl...
Failed:
[string "require('moongl.make')"]:1: module 'moongl.make' not found:
	no field package.preload['moongl.make']
	no file './moongl/make.lua'
	no file './moongl/make.so'
	no module 'moongl.make' in file './moongl.so'
Process 0001 is 'systemd'
Process 0002 is 'kthreadd'
Process 0003 is 'rcu_gp'
Process 0004 is 'rcu_par_gp'
Process 0006 is 'kworker/0:0H-kblockd'
Process 0008 is 'mm_percpu_wq'
Process 0009 is 'ksoftirqd/0'
Process 000A is 'rcuc/0'
Process 000B is 'rcu_preempt'
Process 000C is 'rcub/0'
Process 000D is 'migration/0'
Process 000E is 'idle_inject/0'
Process 0010 is 'cpuhp/0'
Process 0011 is 'cpuhp/1'
Process 0012 is 'idle_inject/1'
Process 0013 is 'migration/1'
Process 0014 is 'rcuc/1'
Process 0015 is 'ksoftirqd/1'
Process 0017 is 'kworker/1:0H-kblockd'
Process 0018 is 'cpuhp/2'
Process 0019 is 'idle_inject/2'
Process 001A is 'migration/2'
Process 001B is 'rcuc/2'
Process 001C is 'ksoftirqd/2'
Process 001E is 'kworker/2:0H-kblockd'
Process 001F is 'cpuhp/3'
Process 0020 is 'idle_inject/3'
Process 0021 is 'migration/3'
Process 0022 is 'rcuc/3'
Process 0023 is 'ksoftirqd/3'
Process 0025 is 'kworker/3:0H-kblockd'
Process 0026 is 'kdevtmpfs'
Process 0027 is 'netns'
Process 0028 is 'rcu_tasks_kthre'
Process 0029 is 'kauditd'
Process 002C is 'khungtaskd'
Process 002D is 'oom_reaper'
Process 002E is 'writeback'
Process 002F is 'kcompactd0'
Process 0030 is 'ksmd'
Process 0031 is 'khugepaged'
Process 0037 is 'kworker/1:1-events'
Process 008A is 'kintegrityd'
Process 008B is 'kblockd'
Process 008C is 'blkcg_punt_bio'
Process 008D is 'edac-poller'
Process 008E is 'devfreq_wq'
Process 008F is 'watchdogd'
Process 0090 is 'kswapd0'
Process 0093 is 'kthrotld'
Process 0094 is 'acpi_thermal_pm'
Process 0095 is 'nvme-wq'
Process 0096 is 'nvme-reset-wq'
Process 0097 is 'nvme-delete-wq'
Process 0098 is 'ipv6_addrconf'
Process 00A3 is 'kstrp'
Process 00A9 is 'kworker/u17:0-btrfs-worker-high'
Process 00B4 is 'charger_manager'
Process 00DF is 'kworker/0:2-events'
Process 00E2 is 'ata_sff'
Process 00E3 is 'kworker/0:3-events'
Process 00E4 is 'scsi_eh_0'
Process 00E5 is 'scsi_tmf_0'
Process 00E6 is 'scsi_eh_1'
Process 00E7 is 'scsi_tmf_1'
Process 00EA is 'scsi_eh_2'
Process 00EB is 'scsi_tmf_2'
Process 00EC is 'scsi_eh_3'
Process 00ED is 'scsi_tmf_3'
Process 00EE is 'scsi_eh_4'
Process 00EF is 'scsi_tmf_4'
Process 00F0 is 'scsi_eh_5'
Process 00F1 is 'scsi_tmf_5'
Process 00F2 is 'scsi_eh_6'
Process 00F3 is 'scsi_tmf_6'
Process 00F4 is 'scsi_eh_7'
Process 00F5 is 'scsi_tmf_7'
Process 0101 is 'kworker/2:3-events'
Process 0109 is 'kworker/0:1H-kblockd'
Process 010B is 'kworker/2:1H-kblockd'
Process 0111 is 'scsi_eh_8'
Process 0112 is 'scsi_tmf_8'
Process 0113 is 'usb-storage'
Process 0117 is 'scsi_eh_9'
Process 0118 is 'scsi_tmf_9'
Process 0119 is 'usb-storage'
Process 011A is 'scsi_eh_10'
Process 011B is 'scsi_tmf_10'
Process 011C is 'usb-storage'
Process 011D is 'kworker/1:2-events'
Process 0121 is 'kworker/1:1H-kblockd'
Process 0123 is 'kworker/3:3-usb_hub_wq'
Process 0125 is 'kworker/3:1H-kblockd'
Process 0126 is 'btrfs-worker'
Process 0127 is 'btrfs-worker-hi'
Process 0128 is 'btrfs-delalloc'
Process 0129 is 'btrfs-flush_del'
Process 012A is 'btrfs-cache'
Process 012B is 'btrfs-submit'
Process 012C is 'btrfs-fixup'
Process 012D is 'btrfs-endio'
Process 012E is 'btrfs-endio-met'
Process 012F is 'btrfs-endio-met'
Process 0130 is 'btrfs-endio-rai'
Process 0131 is 'btrfs-endio-rep'
Process 0132 is 'btrfs-rmw'
Process 0133 is 'btrfs-endio-wri'
Process 0134 is 'btrfs-freespace'
Process 0135 is 'btrfs-delayed-m'
Process 0136 is 'btrfs-readahead'
Process 0137 is 'btrfs-qgroup-re'
Process 013A is 'btrfs-cleaner'
Process 013B is 'btrfs-transacti'
Process 0164 is 'lvmetad'
Process 01A3 is 'haveged'
Process 01A4 is 'systemd-journal'
Process 01A5 is 'systemd-udevd'
Process 01A7 is 'systemd-udevd'
Process 01A8 is 'systemd-udevd'
Process 01A9 is 'systemd-udevd'
Process 01AA is 'systemd-udevd'
Process 01AB is 'systemd-udevd'
Process 01AC is 'systemd-udevd'
Process 01AD is 'systemd-udevd'
Process 01AE is 'systemd-udevd'
Process 01AF is 'systemd-udevd'
Process 01B0 is 'systemd-udevd'
Process 01B1 is 'systemd-udevd'
Process 01B2 is 'systemd-udevd'
Process 01B3 is 'systemd-udevd'
Process 01B4 is 'systemd-udevd'
Process 01B5 is 'systemd-udevd'
Process 01B6 is 'systemd-udevd'
Process 01B7 is 'systemd-udevd'
Process 01B8 is 'systemd-udevd'
Process 01B9 is 'systemd-udevd'
Process 01BA is 'systemd-udevd'
Process 01BB is 'systemd-udevd'
Process 01BC is 'systemd-udevd'
Process 01BD is 'systemd-udevd'
Process 01BE is 'systemd-udevd'
Process 01BF is 'systemd-udevd'
Process 01C0 is 'systemd-udevd'
Process 01C1 is 'systemd-udevd'
Process 01C2 is 'systemd-udevd'
Process 01C3 is 'systemd-udevd'
Process 01C4 is 'systemd-udevd'
Process 01C5 is 'systemd-udevd'
Process 01C6 is 'systemd-udevd'
Process 01C7 is 'systemd-udevd'
Process 01C8 is 'systemd-udevd'
Process 01C9 is 'systemd-udevd'
Process 01CA is 'systemd-udevd'
Process 01CB is 'systemd-udevd'
Process 01CC is 'systemd-udevd'
Process 01CD is 'systemd-udevd'
Process 01CE is 'systemd-udevd'
Process 01E6 is 'cryptd'
Process 023C is 'kworker/u17:2-hci0'
Process 023F is 'ttm_swap'
Process 0240 is 'gfx'
Process 0241 is 'comp_1.0.0'
Process 0242 is 'comp_1.0.1'
Process 0243 is 'comp_1.0.2'
Process 0244 is 'comp_1.0.3'
Process 0245 is 'comp_1.0.4'
Process 0246 is 'comp_1.0.5'
Process 0247 is 'comp_1.0.6'
Process 0248 is 'comp_1.0.7'
Process 024A is 'sdma0'
Process 024B is 'sdma1'
Process 024C is 'uvd'
Process 024D is 'uvd_enc0'
Process 024E is 'uvd_enc1'
Process 0250 is 'vce0'
Process 0251 is 'vce1'
Process 0252 is 'vce2'
Process 025C is 'dbus-daemon'
Process 025D is 'NetworkManager'
Process 025E is 'crond'
Process 0260 is 'systemd-logind'
Process 0261 is 'polkitd'
Process 0262 is 'bluetoothd'
Process 0263 is 'avahi-daemon'
Process 026E is 'avahi-daemon'
Process 0290 is 'cupsd'
Process 0292 is 'lightdm'
Process 02A4 is 'accounts-daemon'
Process 02A6 is 'ModemManager'
Process 02B2 is 'Xorg'
Process 0373 is 'lightdm'
Process 0378 is 'systemd'
Process 0379 is '(sd-pam)'
Process 0384 is 'gnome-keyring-d'
Process 0387 is 'cinnamon-sessio'
Process 038F is 'dbus-daemon'
Process 039E is 'gvfsd'
Process 03A3 is 'gvfsd-fuse'
Process 03AC is 'at-spi-bus-laun'
Process 03B2 is 'dbus-daemon'
Process 03B5 is 'cinnamon-screen'
Process 03BC is 'at-spi2-registr'
Process 03C6 is 'csd-sound'
Process 03C7 is 'csd-cursor'
Process 03C9 is 'csd-orientation'
Process 03CA is 'csd-a11y-settin'
Process 03CB is 'csd-wacom'
Process 03D0 is 'csd-housekeepin'
Process 03D3 is 'csd-power'
Process 03D6 is 'csd-automount'
Process 03D7 is 'csd-xrandr'
Process 03DE is 'csd-keyboard'
Process 03DF is 'csd-print-notif'
Process 03E4 is 'csd-background'
Process 03E6 is 'csd-xsettings'
Process 03EC is 'csd-media-keys'
Process 03EE is 'csd-screensaver'
Process 03F2 is 'upowerd'
Process 03F6 is 'csd-clipboard'
Process 03FA is 'csd-mouse'
Process 0402 is 'csd-a11y-keyboa'
Process 0404 is 'pulseaudio'
Process 0406 is 'csd-color'
Process 0417 is 'dconf-service'
Process 041B is 'gvfs-udisks2-vo'
Process 0420 is 'udisksd'
Process 042B is 'csd-locate-poin'
Process 0433 is 'colord'
Process 043A is 'csd-printer'
Process 0472 is 'rtkit-daemon'
Process 047E is 'gvfs-mtp-volume'
Process 0488 is 'gvfs-gphoto2-vo'
Process 0491 is 'gvfs-afc-volume'
Process 049A is 'btrfs-worker'
Process 049B is 'btrfs-worker-hi'
Process 049C is 'btrfs-delalloc'
Process 049D is 'btrfs-flush_del'
Process 049E is 'btrfs-cache'
Process 049F is 'btrfs-submit'
Process 04A0 is 'btrfs-fixup'
Process 04A1 is 'btrfs-endio'
Process 04A2 is 'btrfs-endio-met'
Process 04A3 is 'btrfs-endio-met'
Process 04A4 is 'btrfs-endio-rai'
Process 04A5 is 'btrfs-endio-rep'
Process 04A6 is 'btrfs-rmw'
Process 04A7 is 'btrfs-endio-wri'
Process 04A8 is 'btrfs-freespace'
Process 04A9 is 'btrfs-delayed-m'
Process 04AA is 'btrfs-readahead'
Process 04AB is 'btrfs-qgroup-re'
Process 04AD is 'btrfs-cleaner'
Process 04AE is 'btrfs-transacti'
Process 04B4 is 'mount.exfat'
Process 04C4 is 'gsettings-helpe'
Process 04CB is 'krfcommd'
Process 04CC is 'cinnamon-launch'
Process 04D1 is 'cinnamon'
Process 04F3 is 'blueman-applet'
Process 04F4 is 'parcellite'
Process 04F5 is 'agent'
Process 04FB is 'caribou'
Process 050A is 'msm_notifier'
Process 050C is 'pamac-tray'
Process 050D is 'nm-applet'
Process 050E is 'cinnamon-killer'
Process 050F is 'polkit-gnome-au'
Process 052C is 'gvfsd-trash'
Process 0552 is 'blueman-tray'
Process 0561 is 'obexd'
Process 0577 is 'gvfsd-metadata'
Process 05B2 is 'nemo-desktop'
Process 0602 is 'applet.py'
Process 205F is 'kworker/2:0'
Process 2399 is 'firefox'
Process 23E5 is 'Web'
Process 244B is 'WebExtensions'
Process 24C2 is 'kworker/u16:2-btrfs-worker'
Process 24C4 is 'kworker/u16:8-events_unbound'
Process 2C91 is 'Web'
Process 39AC is 'kworker/3:1-events'
Process 4226 is 'kworker/u16:1-btrfs-endio-write'
Process 4B1C is 'kworker/u16:5-btrfs-endio-write'
Process 50C4 is 'kworker/u16:4-btrfs-worker'
Process 53DE is 'kworker/3:2-events'
Process 5464 is 'Web'
Process 54C3 is 'Web'
Process 56EE is 'kworker/u16:3-btrfs-endio'
Process 56EF is 'kworker/u16:6-btrfs-worker'
Process 583D is 'geany'
Process 584D is 'bash'
Process 5A46 is 'kworker/3:0-events'
Process 5B2B is 'nemo'
Process 5DFE is 'make'
Process 5E2E is 'gasp.elf'
Compilation finished successfully.

Yeah I was definitely better off with /proc/<PID>/status

Getting this result:

Code:

Entry 1385 is 'gasp.elf' with Owner 0000

from this code:

Code:

(void)sscanf( space->block, "%s%*[\t]%s[^\n]",
		(char*)(key->block), (char*)(notice->name.block) );
	fseek( file,
		(ptrdiff_t)(strstr(space->block,"\n") - (char*)(space->block)),
		SEEK_SET );
	(void)fgets( space->block, space->given, file );
	sscanf( space->block, "%*[^P]%*[^:]%*[^P]%s%d",
		(char*)(key->block), &(notice->ownerId) );

Given that gasp.elf is currently launched from make I should be getting an ppid there, any ideas what I'm doing wrong?

Never mind found my fix:

Code:

	fseek( file, 0, SEEK_SET );
	while ( fscanf( file, "%s", (char*)(space->block) ) > 0 ) {
		if ( strcmp( space->block, "PPid:" ) == 0 ) break;
	}
	fscanf( file, "%d",	&(notice->ownerId) );

Well I managed to fix the issue I was having with my reliant code, since there's bound to be someone who wants to copy it at some point I've attached an upload of my file in it's current state, not done any cleaning since I'm still working my way towards my original target of finding and modifying memory of user specified processes, I gotta make my own version of aobscan that cheat engine uses before I upload it to github with cleanups galore. Just treat the attached file as MIT License cause that's what I'm gonna put it under anyways, for the referencing just use this thread url for now and switch when you find a gasp project under my username (awsdert) on github

Originally Posted by Hodor

Code:

    (void)sscanf( full->block, "%s%*[\t]%s[^\n]",
        (char*)(key->block), (char*)(notice->name.block) );

Unfortunately that code is almost certainly wrong. It will not read things like Uid correctly and it will not read process names that have spaces in them (which is common) correctly


Edit: To see how things are normally done maybe you can look at the source code for ps or something similar?

That's probably under GNU License, I'll just open an actual status file and look redesign around what I see but for now that will do so that it doesn't get corrupted with "Umask:", my original goal of cheating on FFXV should be doable though since I already have a couple of unique byte sequences for locating areas that contain level and funds etc (fun fact, while the game has a soft cap of level 120 it doesn't crash if you set in nice and high like 9999, instead it boosts your base stats to the point you no longer need weapons and armour besides ribbon)

@awsdert I'm sorry if my last comment sounded rude. It's just that I'm not used to seeing C written in the way that you write it. I guess I'm just used to seeing C or C++ (or whatever language) written in an obvious way and if there is code that is "unusual" I immediately question it, especially if there's not a comment. I really don't know why anyone would write return (space->block = NULL) without a comment (or even with a comment) because I know what it does but I have no idea if it does what you intended it to do. Put shortly if I had a pull request for one of my projects and it had a line like that I'd reject it because it can be written more clearly where the programmer's intent is obvious.

Originally Posted by awsdert

That's probably under GNU License, I'll just open an actual status file and look redesign around what I see but for now that will do so that it doesn't get corrupted with "Umask:", my original goal of cheating on FFXV should be doable though since I already have a couple of unique byte sequences for locating areas that contain level and funds etc (fun fact, while the game has a soft cap of level 120 it doesn't crash if you set in nice and high like 9999, instead it boosts your base stats to the point you no longer need weapons and armour besides ribbon)

I'm sure you're allowed to look at it without causing license issues. It's pretty complicated though so that it supports more than just Linux

Originally Posted by Hodor

@awsdert I'm sorry if my last comment sounded rude. It's just that I'm not used to seeing C written in the way that you write it. I guess I'm just used to seeing C or C++ (or whatever language) written in an obvious way and if there is code that is "unusual" I immediately question it, especially if there's not a comment. I really don't know why anyone would write return (space->block = NULL) without a comment (or even with a comment) because I know what it does but I have no idea if it does what you intended it to do. Put shortly if I had a pull request for one of my projects and it had a line like that I'd reject it because it can be written more clearly where the programmer's intent is obvious.

I thought that was obvious, cleanup of the handed object when the memory is freed so subsequent calls don't segfault

Originally Posted by Hodor

I'm sure you're allowed to look at it without causing license issues. It's pretty complicated though so that it supports more than just Linux

I like the motto better safe than sorry