Login/Register
Locate __proc_info symbol in XNU project
Asked Answered
Solved cmacosmachxnuvmmap
D

1

7

I'd like to figure out how does VMMAP process operates.

After running this executable with dtrace, it seems that the method proc_regionfilename that extract the address space of each section in the virtual memory.

So, I dug a little deeper, and found its implementation in xnu under the file
libsyscall/wrappers/libproc/libproc.c

In function body i see that the main call is to proc_pidinfo : 

retval = proc_pidinfo(pid, PROC_PIDREGIONPATHINFO, (uint64_t)address, &reginfo, sizeof(struct proc_regionwithpathinfo));

And proc_pidinfo which calls in its turn to __proc_info symbol : 

int __proc_info(int callnum, int pid, int flavor, uint64_t arg, void * buffer, int buffersize);

However, this symbol cannot be found in the code, and i wonder how it's created during pre-compile, compile, link or real time.

Any idea where can i find it, or how does it being created (I haven't tried to compile the kernel yet).

thanks

Decussate answered 22/2, 2016 at 8:51 Comment(0)
P
5

proc_info is a syscall, so it's implementation is in the kernel. Source code for the version found in 10.11.2 can be found here:

http://opensource.apple.com/source/xnu/xnu-3248.20.55/bsd/kern/proc_info.c

Purism answered 22/2, 2016 at 10:48 Comment(2)
Thanks, but why does it declaration in libproc.c is made in the mangled form (__proc_info instead of proc_info) ?Decussate
I think __proc_info is the syscall shim that turns regular function calling convention into syscall convention and actually causes the trap to kernel space. Those are autogenerated from the kernel's syscall table, so you won't find any direct source code for them. Not 100% sure though.Purism

© 2022 - 2024 — McMap. All rights reserved.