Make process name parsing more robust in linux_mode #241
0vercl0k merged 4 commits into 0vercl0k:main from
|
Oh awesome thank you for sending this in! I'm currently on vacation so will
take a closer look at this / get this merged next week ish :)
Cheers
…On Thu, Oct 9, 2025 at 11:45 AM Emma Reuter ***@***.***> wrote:
Process identification fails with newer versions of the Debian kernel.
This causes is_program to return false and the snapshot is not taken.
This patch fixes the process name parsing by just taking the comm member of
the tasks struct instead of looking up the address and casting it and
dereferencing it. Hopefully this way is more stable for future versions
since it doesn't rely on casting a pointer.
Commit Summary
- 3054be9 Fixed Process name parsing in linux_mode
File Changes (1 file <https://github.com/0vercl0k/wtf/pull/241/files>)
- *M* linux_mode/qemu_snapshot/gdb_fuzzbkpt.py (9) <https://github.com/0vercl0k/wtf/pull/241/files#diff-e4b8850dda534eb33c5931c846bac254c949a08994058d1cc86a6beba021b573>
Patch Links:
- https://github.com/0vercl0k/wtf/pull/241.patch
- https://github.com/0vercl0k/wtf/pull/241.diff
|
|
enjoy vacation, cheers |
|
Thank you! I am back now so will take a look at this this week :) Cheers |
|
Oh crap, I wanted to ask what was the Cheers |
|
It's to remove a starting double quote but let me double check if it's actually needed. |
|
Thank you! |
|
Yeah so you don't actually need to remove the leading " since, in line 386 of gdb_fuzzbkpt.py, it just checks if curr_program_name is in self.program_name, which also means you don't need to strip it on the 252. Up to you what you want to do. You could make it a strict comparison or just leave as is. |
|
In practice I haven't seen another process identified besides the target one |
|
could be shortened to if you want to keep the fuzzy check |
|
Thanks for taking another look at this @shadowpagetable and letting me know :) I think it's fine for now, I might try to clean this whenever I get to #244. Cheers |
|
Gotcha, yeah I work with k0ss and Jason so happy to look into #244 |
|
Oh awesome! I actually ran into those issues while trying to test this PR 😅 |
Process identification fails with newer versions of the Debian kernel. This causes is_program to return false and the snapshot is not taken. This patch fixes the process name parsing by just taking the comm member of the tasks struct instead of looking up the address and casting it and dereferencing it. Hopefully this way is more stable for future versions since it doesn't rely on casting a pointer.
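
The fuzzy versus strict comparison discussed in the thread, as an added example that is not code from this PR or from wtf. The function names and the sample gdb renderings of `comm` are constructed for illustration. It assumes ASCII process names and the kernel's 16-byte `comm` buffer.

```python
import re

TASK_COMM_LEN = 16  # Linux kernel: comm holds at most 15 bytes plus a NUL

# Constructed samples of how gdb may render a char[16] comm field.
SAMPLE_REPEATS = r'''"bash", '\000' <repeats 11 times>'''
SAMPLE_INLINE = r'"bash\000\000\000"'


def comm_from_gdb(text):
    """Return the process name from gdb's textual rendering of comm."""
    # Take the first double-quoted run; escaped characters stay inside it.
    m = re.search(r'"((?:[^"\\]|\\.)*)"', text)
    if m is None:
        return ""  # e.g. an all-NUL buffer rendered without a quoted part
    out = []
    for esc, plain in re.findall(r'\\([0-7]{1,3}|.)|([^\\])', m.group(1)):
        if plain:
            out.append(plain)
        elif esc[0] in "01234567":
            if int(esc, 8) == 0:
                break  # first NUL terminates the name
            out.append(chr(int(esc, 8)))
        else:
            out.append(esc)  # escaped quote or backslash
    return "".join(out)


def is_target(comm, program_name, strict=True):
    """Decide whether comm belongs to the target program."""
    if strict:
        # The kernel truncates comm, so compare against the truncated name.
        return comm == program_name[:TASK_COMM_LEN - 1]
    # Substring check as described in the thread: any process whose name
    # is a fragment of the target name also matches.
    return comm in program_name


if __name__ == "__main__":
    print(comm_from_gdb(SAMPLE_REPEATS), comm_from_gdb(SAMPLE_INLINE))
    print(is_target("sh", "bash", strict=False), is_target("sh", "bash"))
```

With the substring check, a process named `sh` is accepted when the target is `bash`; the strict form rejects it while still matching a target whose name is longer than 15 characters.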