I need to find out what libraries a process has loaded and might use throughout it's lifetime. Is this possible and how. Or better yet, i have a library name and i need to find out what processes are using it, is this possible.

On the same note, is it possible to get notified some how when a unix process is launched and when it is quit. They would not be child processes of my process, i just need to know globally.

Update:

I think I didn't give enough information. I was looking for a way to find the loaded libraries a process has and I need to do it in C/C++.

Solaris has pldd. For Linux you can call ldd on the executable or pmap on a running process or look into /proc/PID/maps for mapped libraries.

On OS X, just need to set DYLD_PRINT_LIBRARIES

export DYLD_PRINT_LIBRARIES=1
./your_process

On Mac OS X you can use vmmap $pid to get a list of mapped memory regions for a process. This does show all loaded libraries (at least it works for me here on 10.7.5).

ps -A will give you a list of all processes, so ps -A | grep $APPNAME will get you your process id $pid for use with vmmap $pid. lsof -p $pid also works.

The question seems to be asking for a dynamic method from C++. You could poll with these commands and analyse the results, although you may miss fast load/unload events.

lsof is open source software under a BSD licence. Its source code no doubt provides some insight for how to do this from C/C++. See: http://en.wikipedia.org/wiki/Lsof

if lsof is not installed, you can simply cat /proc/$pid/maps

you can also check on disk executables with ldd to see what libs they will open (but that doesn't show libraries opened dynamically using dlopen()).

As for monitoring new processes, you can possibly add an inotify watch on /proc to monitor the creation/destruction of new numeric only directories.

Update: inotify on /proc doesn't work, but there are apparently alternatives, see this thread

you can use lsof. See the man page for more info. Another tool is strace. To see if a process is launched, you can use ps -ef piped to grep, or tools like pgrep as well. check for the return value to know if its quit or not.

I do not have the specific answer that you are looking for, but I have something close, that will perhaps get you close to what you want. You can display the linked library of a specific binary (not process) by:

1. install xcode https://developer.apple.com/xcode/
2. execute: otool -L PATH_TO_BINARY

EXAMPLE:

chris$ otool -L /usr/local/bin/mtr
mtr:
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 159.1.0)
    /usr/lib/libncurses.5.4.dylib (compatibility version 5.4.0, current version 5.4.0)
    /usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 46.1.0)

I'm trying (and failing) to do this also. Look at mach_vm_read and vm_region_recurse_64. Closed-source applications like vmmap and Apple's Crash Reporter do this also using those methods, as well as open-source GDB. You might try looking there for an answer, but the source is challenging to read.