All geek questions in one place

Mac OS X: Get detailed process information (in particular, its startup arguments) for arbitrary running applications using PID

I am trying to detect when specific applications are starting.

I am currently using NSWorkspace , registering for the notification “made application launch”. I also use the runningApplications method to launch applications that are currently running when the application starts.

For most applications, the application name is sufficient. I have a plist from "known applications" that I cross-check with the name given in the notification.

This works fine until you come across an application that acts as a proxy to run another application using command line arguments.

Example: A recently released portal on Mac does not have a dedicated application package. Steam can create a shortcut that serves as nothing more than launching the hl2_osx application with the -game argument and portal as a parameter.

As more source-based games are routed to the Mac, I assume they will use the same method to launch, effectively launching the hl2_osx application with the -game argument.

Is there a good way to get a list of arguments (and their parameters) using the Cocoa API?

NSProcessInfo comes close by offering the `-arguments' method, but provides information only for its own process ...

NSRunningApplication offers the ability to retrieve information about arbitrary applications using the PID, but there is no args command line ...

Is there something that fills the gap between the two?

I try not to go down the path of creating NSTask to run ps -p [pid] and parse the output ... I would prefer something higher.

+6
source share
2 answers

You can use any use of ps , although it is not based on cocoa. According to Singh , ps based on kvm and sysctl calls. Highlighting source , permanent calls look like kvm_openfiles , kvm_getprocs and kvm_getargv . To get command line arguments, first call kvm_openfiles to access the kernel memory, then use kvm_getprocs to get information about the kernel process, then kvm_getargv .

Using sysctl in ps seems less relevant for your purpose; he used to get other information, such as group id and parent process id. The sysctl name used is {CTL_KERN, KERN_PROC, KERN_PROC_which, flags} , where the process filter is set (for example, ALL , PID ), and flags are the arguments for the filter ( sysctl man page for details).

OS X does not support procfs, but Singh has developed a version based on FUSE released under GPLv2. If you linked it to your application, you will also have to release it under GPLv2. Most MacFUSE is released under the BSD-style license , so it can be distributed with your application without using its open source (fusefs / fuse_nodehash. C is released under the Apple open source license, but also allows you to communicate with closed source applications).

The question “ Get another argv process in OS X using C ” should be useful as it has sample code using kvm and sysctl. TN 2050 “Observation Duration Without Survey” may also be useful to you.

+8
source

No - running ps is your best bet. Standard process information interfaces are not supported in OS X (noop versions were provided in OS X 10.4 but subsequently removed), and private interfaces are likely to change between OS X versions.

If you want to block yourself in one version of OS X, all source code is available, for example, for ps or libproc ; you also need to run it as root.

+3
source

Source: https://habr.com/ru/post/1243014/

More articles:


All Articles