I am a kernel newbie. To better understand the proc filesystem implementation and how kernel rootkits work, I am trying to modify the fs/proc code to hide a pid from being displayed under /proc. I have created a system call to pass a flag (to the task struct for that process) to temporarily hide a process from being displayed. The next step, as I understand it, would be to modify the proc fs code so that when I scan the task list to display /proc/<pid> entries, it should check my flag and not display a directory for that pid if the flag is set.

Now, my problem is that I am not able to figure out how/where the proc fs scans the task structure list in order to display the /proc/<pid> entries. Does somebody have any suggestions for me? Any help will be greatly appreciated.

This is the first time I am modifying the kernel and also adding new modules to the kernel. Please excuse me if the question is very trivial.

Thanks a lot,