You are not supposed to call proc_pid_cmdline().
It is a non-public function in fs/proc/base.c:
static int proc_pid_cmdline(struct seq_file *m,struct pid_namespace *ns,struct pid *pid,struct task_struct *task)
However, what it does is simple:
get_cmdline(task,m->buf,PAGE_SIZE);
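But that is unlikely to return the full path, and it is not possible to determine the full path in every case. The arg[0] value can be overwritten, the file can be deleted or moved, etc. A process can exec() in a way that obscures the original command line, along with all sorts of other ills.
Scanning /proc/*/cmdline on my Fedora 20 system turns up all sorts of not-so-useful results: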
-F
BUG:
WARNING: at
WARNING: cpu:
INFO: possible recursive locking detecte
ernel BUG at
list_del corruption
list_add corruption
do_IRQ: stack overflow:
ear stack overflow (cur:
eneral protection fault
nable to handle kernel
ouble fault:
RTNL: assertion Failed
eek! page_mapcount(page) went negative!
adness at
NETDEV WATCHDOG
ysctl table check Failed
: nobody cared
IRQ handler type mismatch
Machine Check Exception:
Machine check events logged
divide error:
bounds:
coprocessor segment overrun:
invalid TSS:
segment not present:
invalid opcode:
alignment check:
stack segment:
fpu exception:
simd exception:
iret exception:
/var/log/messages
--
/usr/bin/abrt-dump-oops
-xtD