1

为了让我可以使用inject_and_interpose代码进行一些注入和插入,我需要在新启动的进程(典型的闭源用户应用程序)实际执行之前获取它的 PID。

To be clear, I need to do better than just "notice it quickly"--I can't be polling, or receiving some asynchronous notification that means that the process has already been executing for a few milliseconds by the time I take action.

I need to have a chance to do my injecting and interposing before a single statement executes.

I'm open to writing a background process that gets synchronously notified when a process by a particular name comes into existence. I'm also open to writing a launcher application that in turn fires up the target application.

Any solution needs to support 64-bit code, at a minimum, under 10.5 (Leopard) through 10.8 (Mountain Lion).

In case this proves to be painfully simple, I'll go ahead and admit that I'm new to OS X :) Thanks!

4

1 回答 1

1

我知道如何在 Linux 上执行此操作,所以在 OSX 上可能是相同的(-ish)。

您首先调用fork()以复制您的过程。的返回值fork()指示您是父母还是孩子。父进程得到子进程的pid,子进程得到零。

因此,子调用exec()实际开始执行新的可执行文件。通过使用在调用 fork 之前创建的管道,子进程可以在执行新的可执行文件之前等待父进程执行所需的任何操作。

pid_t pid = fork();
if (pid == -1) {
    perror("fork");
    exit(1);
}
if (pid > 0) {
    // I am the parent, and pid is the PID of the child process.

    //TODO: If desired, somehow notify child to proceed with exec
}
else {
    // I am the child.

    //TODO: If desired, wait no notification from parent to continue

    execl("path/to/executable", "executable", "arg1", NULL);

    // Should never get here.
    fprintf(stderr, "ERROR: execl failed!\n");  
}
于 2012-07-27T00:16:48.047 回答