Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Locate __proc_info symbol in XNU project

Tags:

c

macos

mach

xnu

vmmap

I'd like to figure out how does VMMAP process operates.

After running this executable with dtrace, it seems that the method proc_regionfilename that extract the address space of each section in the virtual memory.

So, I dug a little deeper, and found its implementation in xnu under the file
libsyscall/wrappers/libproc/libproc.c

In function body i see that the main call is to proc_pidinfo :

retval = proc_pidinfo(pid, PROC_PIDREGIONPATHINFO, (uint64_t)address, &reginfo, sizeof(struct proc_regionwithpathinfo));

And proc_pidinfo which calls in its turn to __proc_info symbol :

int __proc_info(int callnum, int pid, int flavor, uint64_t arg, void * buffer, int buffersize);

However, this symbol cannot be found in the code, and i wonder how it's created during pre-compile, compile, link or real time.

Any idea where can i find it, or how does it being created (I haven't tried to compile the kernel yet).

thanks

like image 639
Zohar81 Avatar asked Feb 22 '16 08:02

Zohar81


1 Answers

proc_info is a syscall, so it's implementation is in the kernel. Source code for the version found in 10.11.2 can be found here:

http://opensource.apple.com/source/xnu/xnu-3248.20.55/bsd/kern/proc_info.c

like image 185
pmdj Avatar answered Nov 04 '22 14:11

pmdj