tgkill - Sending a signal to a thread in another thread group.
The tgkill syscall is used to send a signal to a thread in another thread group. It is the same as calling kill, but allows a thread to be targeted in another thread group, instead of needing to rely on a separate process.
The tgkill syscall is useful when thread-to-thread and thread-group-to-thread-group communication is needed but signaling would otherwise be too imprecise.
The main disadvantage of tgkill is that it only works on two specific threads, not thread groups in general. This means it may be difficult to send a signal to all threads in another thread group.
int - The thread group identifier of the target process.
int - The thread identifier of the target thread in the thread group.
int[K] - The signal to be sent to the thread.
- K - Originated from kernel-space.
Kprobe + Kretprobe
Hooked to do_tgkill to monitor when tgkill is executed, and the arguments it is called with.
Example Use Case
tgkill can be useful in situations where two threads need to communicate, but are in different thread groups. For example, if one thread is in a daemon thread group and another is in a user process thread group, tgkill can be used to signal between the two.
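The three arguments listed above, exercised through the raw syscall. This is an added example, not code from Tracee or from the original page. The helper names (`send_tgkill`, `demo_matching_pair`, `demo_mismatched_pair`) are hypothetical, and the argument names `tgid`, `tid` and `sig` follow the Linux `tgkill(2)` prototype. It shows that the signal lands in exactly the named thread, and that the kernel answers `ESRCH` when the thread id does not belong to the given thread group, so a monitored `do_tgkill` call with such a pair delivers nothing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* tid of the thread that ran the handler; -1 until a signal arrives. */
static volatile sig_atomic_t handled_in_tid = -1;

static void on_sigusr1(int sig) {
    (void)sig;
    handled_in_tid = (sig_atomic_t)syscall(SYS_gettid);
}

/* Raw tgkill(tgid, tid, sig): 0 on success, otherwise the errno value. */
static int send_tgkill(pid_t tgid, pid_t tid, int sig) {
    return syscall(SYS_tgkill, tgid, tid, sig) == 0 ? 0 : errno;
}

/* Matching tgid/tid pair: SIGUSR1 is delivered to exactly that thread.
   Returns the tid that ran the handler, or -1 if anything failed. */
static pid_t demo_matching_pair(void) {
    struct sigaction sa = {0};
    sa.sa_handler = on_sigusr1;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, NULL) != 0) return -1;
    handled_in_tid = -1;
    pid_t tid = (pid_t)syscall(SYS_gettid);
    /* A signal sent to the calling thread is handled before the call returns. */
    if (send_tgkill(getpid(), tid, SIGUSR1) != 0) return -1;
    return (pid_t)handled_in_tid;
}

/* Mismatched pair: our own tid combined with a tgid that is not ours.
   Signal 0 only runs the kernel's checks, so nothing is ever delivered. */
static int demo_mismatched_pair(void) {
    pid_t tid = (pid_t)syscall(SYS_gettid);
    return send_tgkill(getpid() + 1, tid, 0);
}

int main(void) {
    printf("handler ran in tid %d (caller tid %ld)\n",
           (int)demo_matching_pair(), syscall(SYS_gettid));
    printf("mismatched tgid -> errno %d (ESRCH is %d)\n",
           demo_mismatched_pair(), ESRCH);
    return 0;
}
```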
Signal events (such as kill) and thread management events (such as clone).
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.