Skip to content

a pstree mod that prints other helpful information and with added functionality

Notifications You must be signed in to change notification settings

h0mbre/busychild

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Busychild

Busychild is a pstree like utility with some added functionality built on. Busychild is aimed at getting a better understanding of applications which create numerous child processes. Busychild should allow users to peek into a portion of the IPC being used by the target process and highlight shared file descriptors (sockets (not datagram afaik), pipes) with other processes.

Hopefully the code isn't completely opaque and users are able to modify it to suit their needs. There is a lot of room left for added functionality as I've only chosen to highlight a small subset of the information available about a given process. There are many unexplored process aspects which lend themselves well to being highlighted by the program, such as: shared mapped files, CPU utilization, virtual memory size, process state, etc. These are all available through the wonderful procfs Crate.

Busychild is in a very early stage, please report any bugs! The code could use a heavy dose of refactoring, but it seems to be in a working state. I've hardcoded a constant in the code in order to render the process start times as a UTC timestamp correctly, this constant is the _SC_CLK_TCK which, when used in conjuction with the process' start time and the OS boot time, can give you a UTC timestamp. This constant is set to 100 on my machine, please check yours in order to get the right result

Tested on Ubuntu 18.04: 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Thanks

Big thanks to @epi052 who actually wrote most of the recursive child discovery code!

Currently, Busychild displays the following process information:

  • pid and process name,
  • parent pid,
  • level (a recursion level as compared to the greatest parent process),
  • owner (uid of process owner),
  • start time,
  • thread count,
  • command line,
  • socket inodes and the pids with which this inode is shared, and
  • pipe inodes and the pids with which this inode is shared

Installation

  • git clone https://github.com/h0mbre/busychild
  • cd busychild
  • cargo build --release

Usage

OPTIONS:
	-q, --quiet	only print information for target pid
	-s, --socket	print information for specific socket inode
	-p, --pipe	print information for specific pipe inode
	-h, --help	print this!
EXAMPLES:
	usage: ./busychild <pid> <options>
	usage: ./busychild 1337
	usage: ./busychild 1337 -q
	usage: ./busychild <inode switch> <inode number>
	usage: ./busychild -s 1337
	usage: ./busychild -p 1337

Default Mode

The default mode will take a target pid, sysargv[1], and will recursively map out both parents of the pid and children of the pid. This mode will then color-code each discovered process node and arrange them in a pstree-like hiearchy.

Default mode can be utilized as follows:

  • ./busychild <pid>
  • ./busychild 1

Quiet Mode

Quiet mode is similar to Default Mode; however, only the target pid information will be printed.

Quiet mode can be utilized as follows:

  • ./busychild <pid> -q
  • ./busychild <pid> --quiet

Socket Mode

Socket mode will look up a socket inode and try to find all of the processes which have an open file descriptor to this socket.

Socket mode can be utilized as follows:

  • ./busychild -s <socket_number>
  • ./busychild --socket <socket_number>

Pipe Mode

Pipe mode will look up a socket inode and try to find all of the processes which have an open file descriptor to this socket.

Pipe mode can be utilized as follows:

  • ./busychild -p <socket_number>
  • ./busychild --pipe <socket_number>

Output

Here is some sample output for default mode with pid 121486.

About

a pstree mod that prints other helpful information and with added functionality

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages