Where is the struct list definition in xnu source code?

We include the <sys/proc_internal.h> in our kext, but the build process complains that:

"Field has incomplete type 'struct klist' " for the struct proc{ ... }


Does anybody know where the definition of 'struct klist' is?


Regards,

Dennis

Replies

Found this, if that may help, with struct proc definition.

Includes may give the searched info?


https://opensource.apple.com/source/xnu/xnu-201/bsd/sys/proc.h.auto.html

The struct proc there doesn't have the struct klist member, we want to use that struct in our kext, but when we include the 'proc_internal.h' in our source code, we can't find the struct klist definition: https://github.com/apple/darwin-xnu/blob/master/bsd/sys/proc_internal.h#L346


Actually we have an lck_mtx_t member variable definition issue as well, but we can find its implementation when searching the xnu source code; only struct klist is an exception...

We include the <sys/proc_internal.h> in our kext …

What’s your high-level goal here? The contents of <sys/proc_internal.h> are… well… internal, and thus aren’t available as part of any KPI. Thus you won’t be able to use them in any KEXT that you intend to ship to real users.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Ah, we'd like to hook process creation via mac_cred_check_label_update_execve, meaning that when a process is created in the system our implementation of mac_cred_check_label_update_execve will be invoked. In that implementation we want to get some process-relevant information from the passed struct proc *p, such as the {session id, tty, process group...}, which can't be fetched directly from the public KPIs. So we copied proc_internal.h to the Xcode SDK and want to figure out the actual struct proc layout of the memory block pointed to by the passed struct proc *p.

That's the story, any suggestion about that?

The kernel’s MAC framework is not KPI:

So, are you planning to ship this to real users? Or are you just experimenting? If it’s the former, you need to step back and rethink your entire approach.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks eskimo, that's very helpful. I am just experimenting to see if we can get something about proc. So the thing should be like:


After Xcode is installed, we need to check the SDK headers to see if that function is a KPI ($(xcrun -sdk macosx -show-sdk-path)/System/Library/Frameworks/Kernel.framework/Headers).


BTW, where is the FindKPI.py after googling? It would be better if you could point me to that 🙂

where is the FindKPI.py

It was originally attached to QA1575, but somewhere in the ‘evolution’ of our documentation publishing system it got dropped. Sorry about that.

I’ve pasted the code in below. It hasn’t been updated in a while (go Python 2.5!) but it still meets my needs. However, I encourage you to use kextlibs, which ships with the system and thus gets updated as the system evolves.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

#! /usr/bin/python

import sys
import os
import subprocess   # requires Python 2.5
import plistlib

def addExportedSymbols(symDict, kextPath):
    infoPlist = plistlib.readPlist(os.path.join(kextPath, "Info.plist"))
    if infoPlist.has_key('CFBundleExecutable'):
        bundleID = infoPlist['CFBundleIdentifier']
        imagePath = os.path.join(kextPath, infoPlist['CFBundleExecutable'])
        symbols = subprocess.Popen(
            ["nm", "-j", imagePath], 
            stdout=subprocess.PIPE
        ).communicate()[0].split("\n")
        for sym in symbols:
            if sym != "":
                assert not symDict.has_key(sym)
                symDict[sym] = bundleID

def getSymbolsForExtensions():
    kextDir = "/System/Library/Extensions/System.kext/PlugIns"
    symDict = {}
    for kextName in os.listdir(kextDir):
        # Don't consider certain KEXTs.  Specifically exclude the 
        # Unsupported and MACFramework KEXTs.  Also, ignore any 
        # "6.0" KEXTs, which are present for compatibility only.
        if (   kextName not in ("Unsupported.kext", "MACFramework.kext")
           and not os.path.splitext(kextName)[0].endswith("6.0") ):
            addExportedSymbols(symDict, os.path.join(kextDir, kextName))
    return symDict

if len(sys.argv) < 2:
    print >> sys.stderr, "usage: %s name..." % os.path.basename(sys.argv[0])
    print >> sys.stderr, "    where name is either a C function name or a C++ class name"
    sys.exit(1)
else:
    symDict = getSymbolsForExtensions()
    for arg in sys.argv[1:]:
        sym = "_" + arg
        if sym in symDict:
            id = symDict[sym]
        else:
            sym = "__ZTV%d%s" % (len(arg), arg)
            if sym in symDict:
                id = symDict[sym]
            else:
                id = "*** not found ***"
        print "%s %s" % (arg, id)
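
The lookup that FindKPI.py performs, as an added Python 3 example that is not part of the post above and is not Apple's code: it runs over a constructed export table instead of calling nm, and goes one step further by reporting when a name is exported only by a kext the script skips. Kext names other than Unsupported.kext and MACFramework.kext, the sample symbols and all function names are assumptions.

```python
#!/usr/bin/env python3
"""Classify a name as supported KPI, excluded-only, or not found (added example)."""
import os

# Kexts the original script skips: their exports are not supported KPI.
EXCLUDED_KEXTS = {"Unsupported.kext", "MACFramework.kext"}

# Constructed sample standing in for per-kext `nm -j` output; not real nm data.
SAMPLE_EXPORTS = {
    "BSDKernel.kext": "_proc_pid\n_proc_selfpid\n",
    "IOKit.kext": "__ZTV9IOService\n",
    "BSDKernel6.0.kext": "_proc_pid\n",
    "MACFramework.kext": "_mac_policy_register\n",
    "Unsupported.kext": "_example_private_helper\n_proc_pid\n",
}

def is_excluded(kext_name):
    """Same filter as the original: two named kexts plus any "6.0" compat kext."""
    stem = os.path.splitext(kext_name)[0]
    return kext_name in EXCLUDED_KEXTS or stem.endswith("6.0")

def build_index(exports):
    """Map symbol -> (set of supported kexts, set of excluded kexts)."""
    index = {}
    for kext, nm_output in exports.items():
        slot = 1 if is_excluded(kext) else 0
        for sym in filter(None, nm_output.split("\n")):
            # A symbol may appear in several kexts, so collect instead of asserting.
            index.setdefault(sym, (set(), set()))[slot].add(kext)
    return index

def classify(name, index):
    """Return (verdict, kexts); verdict is 'kpi', 'excluded-only' or 'not-found'."""
    excluded_hits = set()
    # Try the C function symbol first, then the mangled C++ vtable symbol.
    for sym in ("_" + name, "__ZTV%d%s" % (len(name), name)):
        supported, excluded = index.get(sym, (set(), set()))
        if supported:
            return "kpi", sorted(supported)
        excluded_hits |= excluded
    if excluded_hits:
        return "excluded-only", sorted(excluded_hits)
    return "not-found", []

if __name__ == "__main__":
    idx = build_index(SAMPLE_EXPORTS)
    for name in ("proc_pid", "IOService", "mac_policy_register", "no_such_symbol"):
        verdict, kexts = classify(name, idx)
        print(name, verdict, ", ".join(kexts))
```

An "excluded-only" verdict means the symbol links but comes from a kext the script deliberately leaves out of the KPI set, which a plain "not found" would hide.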

That's really convenient for me in terms of the kext development, thanks eskimo 🙂 !