format of sysctl( { CTL_KERN, KERN_PROCARGS, pid } )

81 views
Skip to first unread message

Gerriet M. Denkmann

unread,
Mar 31, 2012, 3:40:22 PM3/31/12
to darwin-kernel@lists.apple.com Kernel
Is the output format of format of sysctl( { CTL_KERN, KERN_PROCARGS, pid } ) somewhere documented?

The output seems to be mostly Utf8-strings, with some ints thrown in. These ints seem to have their lower 16 bits = zero.


Kind regards,

Gerriet.


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin...@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/darwin-kernel/darwin-kernel-garchive-95844%40googlegroups.com

This email sent to darwin-kernel-...@googlegroups.com

Gerriet M. Denkmann

unread,
Mar 31, 2012, 10:48:51 PM3/31/12
to Michael Nickerson, darwin-kernel@lists.apple.com Kernel

On 1 Apr 2012, at 07:44, Michael Nickerson wrote:

> On Mar 31, 2012, at 3:40 PM, "Gerriet M. Denkmann" <ger...@mdenkmann.de> wrote:
>
>> Is the output format of format of sysctl( { CTL_KERN, KERN_PROCARGS, pid } ) somewhere documented?
>>
>> The output seems to be mostly Utf8-strings, with some ints thrown in. These ints seem to have their lower 16 bits = zero.
>>
>>
>

> If I remember correctly, it's just an array of chars, each separated by a NULL char ('\0'). It's been awhile since I played around with it, but I think it's the path that was used to invoke the executable (twice I think), followed by any arguments passed to it, and maybe after that environment variables. The latter may only be given with KERN_PROCARGS2, I don't remember.


A typical output of KERN_PROCARGS is:
00000 "/System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService"
0x08c uint32 0
0x090 "com.apple.coremedia.videodecoder"
0x0b1 "HOME=/Users/gerriet"
0x0c5 "Apple_PubSub_Socket_Render=/tmp/launch-kEQ3zJ/Render"
0x0fa "SSH_AUTH_SOCK=/tmp/launch-prg9nP/Listeners"
0x125 "PATH=/usr/bin:/bin:/usr/sbin:/sbin"
0x148 "__CF_USER_TEXT_ENCODING=0x1F6:0:2"
0x16a "TMPDIR=/var/folders/0f/2zvz4vss10gdwm_dwz__2kh80000gp/T/"
0x1a4 uint32 0
0x1a8 "stack_guard=0xc24643161eedeb92"
0x1c7 "malloc_entropy=0x0681aaf5720495d0,0x6d06a7d32ea812b7"
0x1fc uint32 0
0x200 uint32 0
0x204 uint32 0xbfff0000
0x208 uint32 0
0x20c "/System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService"
0x298 uint32 0

That is: '\0' terminated Utf8-strings + some uint32.
The sequence 0,0, 0xbfff0000, 0 is fairly typical.
The other zeroes may or may not occur.

KERN_PROCARGS2 has only uint32s - if at all. Nothing which looks interesting for me.

Shantonu Sen

unread,
Apr 1, 2012, 12:00:58 AM4/1/12
to Gerriet M. Denkmann, Michael Nickerson, darwin-kernel@lists.apple.com Kernel
the only documentation is the source:
<http://www.opensource.apple.com/source/xnu/xnu-1699.24.23/bsd/kern/kern_sysctl.c>
<http://www.opensource.apple.com/source/xnu/xnu-1699.24.23/bsd/kern/kern_exec.c>

those aren't uint32=0, they are zeros to align parts of the argument area at pointer alignment (8 bytes for a 64-bit process)

Shantonu

> https://lists.apple.com/mailman/options/darwin-kernel/ssen%40apple.com
>
> This email sent to ss...@apple.com

Reply all
Reply to author
Forward
0 new messages