Crate libcopes

§libcopes

libcopes is a library for monitoring exec and exit process events efficiently by using the Linux process events connector kernel interface. It also provides functionality to read some information from a process and to determine the executable file that started the process itself.

§Example

Basic usage:

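use libcopes::{
    PEvent, ProcessEventsConnector, get_process_executed_file,
    io::{cmdline_reader, exe_reader},
};

// Assumption: the crate's error types implement std::error::Error, so `?` can box them.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Open the Linux process events connector.
    let connector = ProcessEventsConnector::try_new()?;
    let mut events = connector.into_iter();
    loop {
        if let Some(event) = events.next() {
            // Events that could not be read are skipped.
            if let Ok(process_event) = event {
                match process_event {
                    PEvent::Exec(pid) => {
                        // Read the command line and resolve the file that was executed.
                        let cmdline = cmdline_reader(pid)?;
                        let exe = get_process_executed_file(exe_reader(pid)?, &cmdline);
                        println!("Exec: PID {}, file: '{}', cmdline: {}", pid, exe, cmdline)
                    }
                    PEvent::Exit(pid) => println!("Exit: PID {}", pid),
                }
            }
        }
    }
}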

Modules§

io
Input / Output types and functions related to Linux processes and process events.

Structs§

ExecutedFileName
Name of the file that was executed.
PCmdLine
Process command line.
PExe
Process executable name.
PID
Process ID.
ProcessEventsConnector
A connector to monitor process events.

Enums§

PEvent
Process event.

Functions§

get_process_executed_file
Returns the file name of the executable that started a process.