I have a program that needs to kill any other instances of itself when it starts. In Windows I can do this well enough (without WMI) by getting processes by name and searching for the exe of the application (which is unique enough for this to work well enough). In Linux it's all dotnet foo.dll, so every dotnet application is running the dotnet binary as its process name. I am hoping to pull out that first argument to the dll name in order to differentiate dotnet processes and find any processes with an identical set of arguments on the dotnet binary.
In Windows using dotnet (as far as I can tell) the usual way is with WMI and ManagementObjectSearcher, which is very slow but mostly works. You can also import some Windows functions like OpenProcess and NtQueryInformationProcess, which is faster.
Those options are Windows only, so I'm looking for an alternative implementation that can do something similar in Linux. I'm aware that at a Linux shell you can rather easily (e.g. ps aux) find the full set of arguments used to launch almost all processes. So as a last resort, I could shell out to ps aux, and either parse that, or do the whole fratricide in a shell one-liner. But I would prefer not to depend on shelling out where it's not absolutely necessary. Is there an alternative to do this in Linux?
To get the command line of process PID, read /proc/PID/cmdline. Of course, a malicious process can change its cmdline after it starts, but most don't. The words in cmdline will be separated by '\0'.
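
The approach from the answer above, as an added C# example that is not part of the original thread: it reads /proc/PID/cmdline for every process, splits it on NUL bytes, and, because a process can rewrite its own cmdline, also requires /proc/PID/exe to match before treating a process as a sibling. The class and method names are hypothetical, and it assumes .NET 6 or later on Linux.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text;

static class SiblingFinder // hypothetical name, not from the thread
{
    // cmdline is argv joined by NUL bytes with one trailing NUL; it is empty for kernel threads.
    public static string[] ParseCmdline(byte[] raw)
    {
        string s = Encoding.UTF8.GetString(raw);
        return s.Length == 0 ? Array.Empty<string>() : (s[^1] == '\0' ? s[..^1] : s).Split('\0');
    }

    // Returns null when the process has exited or its /proc entry is not readable by this user.
    static T? Try<T>(Func<T?> read) where T : class
    {
        try { return read(); }
        catch (Exception e) when (e is IOException or UnauthorizedAccessException) { return null; }
    }
    static string[]? Args(string pid) => Try(() => ParseCmdline(File.ReadAllBytes($"/proc/{pid}/cmdline")));
    // cmdline can be overwritten by the process itself, so the executable link is compared as well.
    static string? Exe(string pid) => Try(() => File.ResolveLinkTarget($"/proc/{pid}/exe", false)?.FullName);

    public static IEnumerable<int> FindSiblings()
    {
        string self = Environment.ProcessId.ToString();
        string[]? myArgs = Args(self);
        string? myExe = Exe(self);
        if (myArgs is null || myArgs.Length == 0 || myExe is null) yield break;
        foreach (string dir in Directory.EnumerateDirectories("/proc"))
        {
            string pid = Path.GetFileName(dir);
            if (pid == self || !pid.All(char.IsDigit)) continue;   // skip ourselves and non-PID entries
            if (Args(pid) is { } args && args.SequenceEqual(myArgs) && Exe(pid) == myExe)
                yield return int.Parse(pid);
        }
    }

    static void Main()
    {
        foreach (int pid in FindSiblings())
            try { Process.GetProcessById(pid).Kill(); }
            catch (Exception e) when (e is ArgumentException or InvalidOperationException) { } // already exited
    }
}
```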