Find the executable for a running process - Aix

This is a discussion on Find the executable for a running process - Aix ; How can I find the executable for a running process? For example I use ps -ef and get: java ... for the CMD. How can I find which java is being executed?...

+ Reply to Thread
Results 1 to 6 of 6

Thread: Find the executable for a running process

  1. Find the executable for a running process

    How can I find the executable for a running process? For example I use
    ps -ef and get:

    java ...

    for the CMD. How can I find which java is being executed?



  2. Re: Find the executable for a running process

    On Sep 3, 2:38*pm, "null" wrote:
    > How can I find the executable for a running process? *For example I use
    > ps -ef and get:
    >
    > java ...
    >
    > for the CMD. *How can I find which java is being executed?


    Two ways that I would use:

    1) Assume the process is PID=123456
    run this command to get the environmental variables it was
    invoked with:
    ps ewww 123456

    Then, search the different directories named in the PATH variable
    for your executable... the first one you find will be it.

    2) If you have root access, you could look in the /proc filesystem.

    For example, lets assume that the PID is 123456, then you could
    navigate to:
    /proc/123456/object
    You will see a "lot" of entries, one of which will be a.out.

    If you do a ls -li on a.out, you will get something like this:
    53359 -r-xr-xr-x 1 bin bin 72381 Jul 10 2007
    a.out

    The number 53359 is the "inode number" of a.out.

    Do an ls -li on the entire directory, and you should see another file
    that has the same
    inode-number... like this:
    53359 -r-xr-xr-x 1 bin bin 72381 Jul 10 2007
    jfs2.10.5.53359

    This "name" of the file (jfs2.10.5.53359) identifies the "type" of
    filesystem (jfs2),
    the major/minor number of the device upon which the filesystem is
    (10.5), and the
    inode-number (53359).

    The next step is to identify the device... just do a "ls -l /dev" and
    look for an entry
    "like" this:
    brw-rw---- 1 root system 10, 5 Aug 27 18:33 hd2
    You will notice (10, 5) is the major/minor device number.

    Now we know that /dev/hd2 has the filesystem upon which inode 53359
    identifies
    our processes executable.

    Next run "df | grep /dev/hd2" and you'll get something like this:
    /dev/hd2 8650752 397920 96% 64876 53% /usr

    This says the /usr filesystem, is where the executable resides.

    Now, for the final step, run this command to find the file whose inode
    is 53359:

    find /usr -xdev -inum 53359 -ls
    53359 71 -r-xr-xr-x 1 bin bin 72381 Jul 10
    2007 /usr/java14/jre/bin/java

    HTH,
    -tony

  3. Re: Find the executable for a running process


    wrote in message
    news:33e51e4a-6101-4040-bc4a-ec9816e660fb@b38g2000prf.googlegroups.com...
    On Sep 3, 2:38 pm, "null" wrote:
    > How can I find the executable for a running process? For example I use
    > ps -ef and get:
    >
    > java ...
    >
    > for the CMD. How can I find which java is being executed?


    Two ways that I would use:

    1) Assume the process is PID=123456
    run this command to get the environmental variables it was
    invoked with:
    ps ewww 123456

    Then, search the different directories named in the PATH variable
    for your executable... the first one you find will be it.

    2) If you have root access, you could look in the /proc filesystem.

    For example, lets assume that the PID is 123456, then you could
    navigate to:
    /proc/123456/object
    You will see a "lot" of entries, one of which will be a.out.

    If you do a ls -li on a.out, you will get something like this:
    53359 -r-xr-xr-x 1 bin bin 72381 Jul 10 2007
    a.out

    The number 53359 is the "inode number" of a.out.

    Do an ls -li on the entire directory, and you should see another file
    that has the same
    inode-number... like this:
    53359 -r-xr-xr-x 1 bin bin 72381 Jul 10 2007
    jfs2.10.5.53359

    This "name" of the file (jfs2.10.5.53359) identifies the "type" of
    filesystem (jfs2),
    the major/minor number of the device upon which the filesystem is
    (10.5), and the
    inode-number (53359).

    The next step is to identify the device... just do a "ls -l /dev" and
    look for an entry
    "like" this:
    brw-rw---- 1 root system 10, 5 Aug 27 18:33 hd2
    You will notice (10, 5) is the major/minor device number.

    Now we know that /dev/hd2 has the filesystem upon which inode 53359
    identifies
    our processes executable.

    Next run "df | grep /dev/hd2" and you'll get something like this:
    /dev/hd2 8650752 397920 96% 64876 53% /usr

    This says the /usr filesystem, is where the executable resides.

    Now, for the final step, run this command to find the file whose inode
    is 53359:

    find /usr -xdev -inum 53359 -ls
    53359 71 -r-xr-xr-x 1 bin bin 72381 Jul 10
    2007 /usr/java14/jre/bin/java

    HTH,
    -tony

    Thanks, I'll give it a whirl.



  4. Re: Find the executable for a running process

    On Sep 4, 9:38 am, "null" wrote:
    > How can I find the executable for a running process? For example I use
    > ps -ef and get:
    >
    > java ...
    >
    > for the CMD. How can I find which java is being executed?


    if you have lsof installed
    lsof -p PID
    but the reply from Tony is much more detailed

  5. Re: Find the executable for a running process

    null wrote:
    > How can I find the executable for a running process? For example I use
    > ps -ef and get:
    >
    > java ...
    >
    > for the CMD. How can I find which java is being executed?


    The general answer to this question is, you can't with 100% reliability.
    ps reads the argv array in a process and the application is free to
    modify argv[0]. So you can't always be assured that what ps reports
    is reality.

    That said, the other posts about using ps ewww, etc, are the best way
    to go about your task.

  6. Re: Find the executable for a running process

    Gary R. Hook schrieb:
    > null wrote:
    >> How can I find the executable for a running process? For example I
    >> use ps -ef and get:
    >>
    >> java ...
    >>
    >> for the CMD. How can I find which java is being executed?

    >
    > The general answer to this question is, you can't with 100% reliability.
    > ps reads the argv array in a process and the application is free to
    > modify argv[0]. So you can't always be assured that what ps reports
    > is reality.
    >
    > That said, the other posts about using ps ewww, etc, are the best way
    > to go about your task.

    svmon -P should give you the filesystem and inode for the
    executable (for a 32bit process esid 1). And that should lead to
    the correct file (if it is still there and was not removed/unlink).

+ Reply to Thread