The way to view the process information and the method to modify the process name under Linux

2025-02-22 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com) 06/03

This article covers the ways to view process information and the methods of changing the process name under Linux.

Preface

There are usually several ways to view process information under Linux:

Way: top, ps and other commands

Description: when viewing process information with the ps and top commands, only the relative path can be found; details of the process such as the absolute path cannot. Common commands are as follows:

ps -A: view all process names

ps -ef: display the absolute path and parameters of the process

ps -aux: display the status of all users' processes; the last column shows the absolute path and parameters of the process

top: for a command reference see http://c.biancheng.net/view/1065.html

Way: the /proc/pid/ folder

Description: when a process starts, the system creates a folder named after its pid under /proc. This folder holds the information about the process, including a file named exe that records the absolute path, which can be viewed with the ll or ls -l command.

exe: symbolic link to the program actually running

cmdline: a read-only file that contains the complete command line of the process

comm: contains the command name of the process

cwd: symbolic link to the current working directory of the process

status: process status information; it contains more information than stat

stat: process status information

latency: shows which code causes a large delay

environ: records the environment variables of the running process

fd: a directory of symbolic links to the files opened or used by the process

Primary hiding

This section describes the following two ways to modify the process name in order to hide it:

1. Modify the process name by modifying the process argv[0]

2. Modify the process name through Linux prctl

1. Modify the process name by modifying the process argv[0]

Advantages and disadvantages:

The advantage is that ps -ef and ps -aux cannot see the process name and parameters.

The disadvantage is that this method only modifies the value of /proc/pid/cmdline, so the process name can still be seen with the ps -A or top command.

In a C program, the number of parameters is stored in int argc and the parameters themselves in the array argv[]. The first element, argv[0], is the process name, the second element, argv[1], is the first parameter, and so on. Modifying the process name through argv[0] is relatively simple: we only need to overwrite the memory that the argv array points to, from the main function at process startup. Note that main() on Linux has another, hidden parameter: the environment variable information, which stores the environment variables needed at run time.

If the new name is shorter than argv[0], we can write it directly and fill the remaining part with 0.

If the new name is longer than argv[0], two steps are needed:

1) allocate new memory to save the environment variable information and the argv[1 … argc-1] parameter information

2) write the new name at argv[0], and clear everything from the end of the new name up to the last entry of environ.

The following sample code simply empties argv []

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

int main(int argc, char **argv)
{
    printf("========== Before the modification ============\n");
    printf("ProcessName: %s\n", argv[0]);
    for (int i = 1; i < argc; i++) {
        printf("Argv%d: %s\n", i, argv[i]);
    }

    /* Start the modification */
    int new_argc = argc;
    char **new_argv = malloc((argc + 1) * sizeof(*new_argv));
    for (int j = 0; j < argc; j++) {
        size_t length = strlen(argv[j]) + 1;
        new_argv[j] = malloc(length);
        memcpy(new_argv[j], argv[j], length);  /* keep a private copy */
        memset(argv[j], '\0', length);         /* wipe the original in place */
    }
    new_argv[argc] = NULL;

    printf("========== After the modification ============\n");
    printf("ProcessName: %s\n", argv[0]);
    for (int i = 1; i < argc; i++) {
        printf("Argv%d: %s\n", i, argv[i]);
    }

    printf("========== Copy data ============\n");
    printf("ProcessName: %s\n", new_argv[0]);
    for (int k = 1; k < new_argc; k++) {
        printf("Argv%d: %s\n", k, new_argv[k]);
    }

    sleep(1000);
    return 0;
}
```

2. Modify the process name through Linux prctl

Advantages and disadvantages:

The advantage is that the process name in /proc/pid/stat and /proc/pid/status is modified, so the original process name cannot be seen with the ps -A or top command.

The disadvantage is that the value of /proc/pid/cmdline is not modified, so ps -ef and ps -aux can still see the process name and parameters.

Using prctl to modify the process name is also fairly simple to implement; see the following code:

```c
/* gcc changetitle.c -o changetitle */
#include <stdio.h>
#include <sys/prctl.h>

int main(int argc, char *argv[], char *envp[])
{
    char *new_name = "1234567890abcdefg";

    getchar();                     /* wait: the original name is still visible */
    prctl(PR_SET_NAME, new_name);  /* rename the calling thread */
    getchar();                     /* wait: the new name is now visible */
    return 0;
}
```

However, a process name set through prctl can only be 16 bytes long (including '\0'). A new name longer than that is truncated; the new name above becomes 1234567890abcde after truncation.

```
ubuntu18@ubuntu:~/Desktop/change_processname$ ps -A | grep chang
ubuntu18@ubuntu:~/Desktop/change_processname$ ps -A | grep 1234
10764 pts/8    00:00:00 1234567890abcde
ubuntu18@ubuntu:~/Desktop/change_processname$ cat /proc/10764/stat
10764 (1234567890abcde) S 10709 10764 10709 34824 10764 4194304 69 0 0 0 0 0 0 0 20 0 1 0 14090125 4612096 197 18446744073709551615 94579895803904 94579895806128 140721599190352 0 0 0 0 0 0 1 0 0 17 0 0 0 0 0 0 94579897904560 94579897905168 94579902476288 140721599193924 140721599193938 140721599193938 140721599197162 0
```

3. Combining the two methods

Combining the two methods above, none of ps -ef, ps -aux, ps -A, top, /proc/pid/status and /proc/pid/cmdline shows the real process information. See the following code:

```c
/* gcc changetitle.c -o changetitle */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include <unistd.h>
#include <sys/prctl.h>

#define MAXLINE 2048

extern char **environ;

static char **g_main_Argv = NULL;    /* pointer to argument vector */
static char *g_main_LastArgv = NULL; /* end of argv */

void setproctitle_init(int argc, char **argv, char **envp)
{
    int i;

    for (i = 0; envp[i] != NULL; i++) // calc envp num
        continue;

    environ = (char **) malloc(sizeof(char *) * (i + 1)); // malloc envp pointer
    for (i = 0; envp[i] != NULL; i++) {
        environ[i] = malloc(strlen(envp[i]) + 1); // +1 for the trailing '\0'
        strcpy(environ[i], envp[i]);
    }
    environ[i] = NULL;

    g_main_Argv = argv;
    if (i > 0)
        g_main_LastArgv = envp[i - 1] + strlen(envp[i - 1]);
    else
        g_main_LastArgv = argv[argc - 1] + strlen(argv[argc - 1]);
}

void setproctitle(const char *fmt, ...)
{
    char *p;
    int i;
    char buf[MAXLINE];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(buf, sizeof(buf), fmt, ap); // bounded, cannot overrun buf
    va_end(ap);

    i = strlen(buf);
    if (i > g_main_LastArgv - g_main_Argv[0] - 2) {
        i = g_main_LastArgv - g_main_Argv[0] - 2;
        buf[i] = '\0';
    }

    // modify argv[0]
    (void) strcpy(g_main_Argv[0], buf);
    p = &g_main_Argv[0][i];
    while (p < g_main_LastArgv)
        *p++ = '\0';
    g_main_Argv[1] = NULL;

    // call prctl
    prctl(PR_SET_NAME, buf);
}

int main(int argc, char *argv[])
{
    char argv_buf[MAXLINE] = {0}; // save argv parameters
    int i;

    for (i = 1; i < argc; i++) {
        // bounded appends so long command lines cannot overrun argv_buf
        strncat(argv_buf, argv[i], sizeof(argv_buf) - strlen(argv_buf) - 1);
        strncat(argv_buf, " ", sizeof(argv_buf) - strlen(argv_buf) - 1);
    }

    // modify the content of the memory space pointed to by argv[0]
    setproctitle_init(argc, argv, environ);

    // call prctl to modify the process name
    setproctitle("%s@%s %s", "12345678", "ip", argv_buf);

    for (i = 0; environ[i] != NULL; i++)
        free(environ[i]);
    getchar();
    return 0;
}
```

However, this still has some limitations. For example, ps, top and other commands can still see the real pid information, and the corresponding pid folder is still created under the /proc folder; ideally, our process information should disappear completely.
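Because the pid folder and its exe link remain, the renaming described above can be spotted by cross-checking the /proc files listed in the preface. The following is an added example, not code from the original article: the function names, the finding strings and the `proc_root` parameter are assumptions of this sketch, which compares comm (from stat) and cmdline against the exe symlink.

```python
import os
TASK_COMM_MAX = 15  # comm is 16 bytes including the trailing '\0'

def read_names(proc_root, pid):
    """Return (comm, argv, exe) for one pid in a /proc-style tree."""
    base = os.path.join(proc_root, str(pid))
    with open(os.path.join(base, "stat"), "rb") as f:
        stat = f.read().decode(errors="replace")
    # comm lies between the first '(' and the LAST ')'; it may contain ')'.
    comm = stat[stat.index("(") + 1:stat.rindex(")")]
    with open(os.path.join(base, "cmdline"), "rb") as f:
        argv = [a.decode(errors="replace") for a in f.read().split(b"\0") if a]
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:  # kernel thread, or no permission to read the link
        exe = None
    return comm, argv, exe

def name_mismatches(proc_root, pid):
    """List how comm and cmdline disagree with the exe symlink."""
    comm, argv, exe = read_names(proc_root, pid)
    if exe is None:
        return []
    if exe.endswith(" (deleted)"):  # kernel suffix for an unlinked binary
        exe = exe[:-len(" (deleted)")]
    exe_name = os.path.basename(exe)
    findings = []
    if comm != exe_name[:TASK_COMM_MAX]:
        findings.append(f"comm {comm!r} != exe name {exe_name!r}")
    if not argv:
        findings.append("cmdline is empty")
    elif os.path.basename(argv[0]) != exe_name:
        findings.append(f"argv[0] {argv[0]!r} != exe name {exe_name!r}")
    return findings

def scan(proc_root="/proc"):
    """Map pid -> findings for every process showing a mismatch."""
    report = {}
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        try:
            found = name_mismatches(proc_root, int(entry))
        except (OSError, ValueError):  # process exited while being read
            continue
        if found:
            report[int(entry)] = found
    return report

if __name__ == "__main__":
    for pid, found in sorted(scan().items()):
        print(pid, "; ".join(found))
```

A mismatch is a triage lead rather than a verdict: scripts started through a shebang report the script name in comm while exe points at the interpreter, and some daemons rewrite their own title.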
