linux-sysprog · intermediate · ~15 min
Robust field extraction from /proc text.
/proc/self/status has lines like:
Name: cat
Pid: 12345
VmRSS: 1240 kB
Threads: 1
Implement long extract_vm_rss_kb(const char *status_blob) returning the
VmRSS value in kB, or -1 if not found / parse failure.
In the Kali toolchain, the first thing you do on a foothold box is enumerate its own posture: who am I (uid/gid), what can I do (capabilities), what's loaded into me. /proc/self/status exposes all of that in a flat text format that an attacker would parse the same way a defender does — to know whether the process is privileged. We're writing the defender's parser: read the file's bytes, pull out the fields, hand them up the stack. No privilege escalation, no kernel writes — just a structured read of a virtual file every Linux process gets for free.
The full file contents as one blob.
kB or -1.
sscanf with explicit width.
long extract_vm_rss_kb(const char *status_blob) { /* TODO */ (void)status_blob; return -1; }
Matching VmRSS inside another field like VmRSSData. Pin to start-of-line.
Field absent. Field with leading spaces.
O(strlen).
Solve this exercise in the browser editor — compile and run against the test harness, no setup required.