OK, I'm going to try and take a stab at the question I think you're asking.
As you've discovered, a proc_t is a pointer to an opaque struct proc. Don't write it off though, as there are various functions that operate on such pointers, so you don't need to gain direct access to the struct (which helps maintain binary compatibility). Most of these are declared in sys/proc.h in the Kernel.framework - i.e. /System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/proc.h. You mention PID and parent PID, for which there are the following:
/* returns the pid of the given process */
extern int proc_pid(proc_t);
/* returns the pid of the parent of a given process */
extern int proc_ppid(proc_t);
There are also functions for going the other way - getting the proc_t for a PID etc.
Note that these functions are part of the BSD portion of the kernel, so your kext needs to declare a dependency on the BSD KPI bundle in its Info.plist (look up the kextlibs tool if you haven't come across this yet).
Coming from Windows, you'll probably have to get used to reading header files and source code instead of documentation. Much of the OSX kernel API is undocumented.
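Added example, not part of the original answer: collecting a process's ancestor PIDs with proc_find, proc_ppid and proc_rele from sys/proc.h, releasing each reference that proc_find takes. The helper collect_ancestors is hypothetical, and when KERNEL is not defined a small constructed process table stands in for the KPI so the logic can be run in user space.

```c
#ifdef KERNEL
#include <sys/proc.h>   /* proc_find, proc_rele, proc_ppid (BSD KPI) */
#else
/* Constructed user-space stand-ins so the logic can be run outside a kext. */
#include <stdio.h>
struct proc { int pid, ppid, refs; };
typedef struct proc *proc_t;
static struct proc fake_procs[] = { {1, 0, 0}, {120, 1, 0}, {455, 120, 0} };
static proc_t proc_find(int pid) {
    for (unsigned i = 0; i < sizeof fake_procs / sizeof fake_procs[0]; i++)
        if (fake_procs[i].pid == pid) { fake_procs[i].refs++; return &fake_procs[i]; }
    return 0;
}
static int proc_rele(proc_t p) { p->refs--; return 0; }
static int proc_ppid(proc_t p) { return p->ppid; }
#endif

/* Store pid's ancestors in out[], nearest first; return count, or -1 if pid is gone. */
static int collect_ancestors(int pid, int *out, int max)
{
    int n = 0;
    proc_t p = proc_find(pid);   /* takes a reference on the process */
    if (!p)
        return -1;
    while (n < max) {
        int ppid = proc_ppid(p);
        proc_rele(p);            /* drop the reference before moving up */
        p = 0;
        if (ppid <= 0)
            break;               /* reached the top of the tree */
        out[n++] = ppid;
        p = proc_find(ppid);     /* the parent may have exited meanwhile */
        if (!p)
            break;
    }
    if (p)
        proc_rele(p);            /* loop stopped on max with a reference held */
    return n;
}

#ifndef KERNEL
int main(void)
{
    int chain[8], n = collect_ancestors(455, chain, 8);
    for (int i = 0; i < n; i++)
        printf("ancestor %d: pid %d\n", i, chain[i]);
    return 0;
}
#endif
```
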