Extract complete executable command in linux.pslist

[yassine955]

I am analyzing my memory dump created with AVML. Click here for the fix, on how to create a memory dump on android.

I do python3 vol.py -f ../avml/avml_dump.lime linux.pslist

When I made this dump, I had an application running called Notepad. I don't see it? Is it because of the COMM names, they are cut-off, not all the letters are shown, what could be the issue?

Volatility 3 Framework 2.7.0
Progress:  100.00       Stacking attempts finished                 
OFFSET (V)  PID TID PPID    COMM    File output

0x8d5dead02c40  1   1   0   init    Disabled
0x8d5dead049c0  2   2   0   kthreadd    Disabled
0x8d5dead05880  3   3   2   rcu_gp  Disabled
0x8d5dead00ec0  4   4   2   rcu_par_gp  Disabled
0x8d5dead00000  6   6   2   kworker/0:0H    Disabled
0x8d5dead06740  8   8   2   mm_percpu_wq    Disabled
0x8d5dead22c40  9   9   2   ksoftirqd/0 Disabled
0x8d5dead249c0  10  10  2   rcu_preempt Disabled
0x8d5dead25880  11  11  2   migration/0 Disabled
0x8d5dead26740  13  13  2   cpuhp/0 Disabled
0x8d5dead70000  14  14  2   cpuhp/1 Disabled
0x8d5dead73b00  15  15  2   migration/1 Disabled
0x8d5dead76740  16  16  2   ksoftirqd/1 Disabled
0x8d5dead749c0  18  18  2   kworker/1:0H    Disabled
0x8d5dead75880  19  19  2   cpuhp/2 Disabled
0x8d5dead70ec0  20  20  2   migration/2 Disabled
0x8d5dead71d80  21  21  2   ksoftirqd/2 Disabled
0x8d5dead78ec0  23  23  2   kworker/2:0H    Disabled
0x8d5dead79d80  24  24  2   cpuhp/3 Disabled
0x8d5dead78000  25  25  2   migration/3 Disabled
0x8d5dead7bb00  26  26  2   ksoftirqd/3 Disabled
0x8d5dead7ac40  28  28  2   kworker/3:0H    Disabled
0x8d5deadd3b00  29  29  2   netns   Disabled
0x8d5deadd6740  30  30  2   rcu_tasks_kthre Disabled
0x8d5deadd2c40  31  31  2   kauditd Disabled
0x8d5deadd49c0  32  32  2   oom_reaper  Disabled
0x8d5deadd5880  33  33  2   writeback   Disabled
0x8d5deadd0ec0  34  34  2   kcompactd0  Disabled
0x8d5deaf6e740  48  48  2   cryptd  Disabled
0x8d5dea40e740  81  81  2   kblockd Disabled
0x8d5dea40c9c0  83  83  2   blk_crypto_wq   Disabled
0x8d5deadd1d80  84  84  2   devfreq_wq  Disabled
0x8d5deadd0000  85  85  2   watchdogd   Disabled
0x8d5dea6d49c0  86  86  2   cfg80211    Disabled
0x8d5dea6d3b00  91  91  2   kswapd0 Disabled
0x8d5dea40bb00  93  93  2   acpi_thermal_pm Disabled
0x8d5dea408ec0  96  96  2   uas Disabled
0x8d5dea40d880  97  97  2   dm_bufio_cache  Disabled
0x8d5de98a9d80  98  98  2   ion_system_heap Disabled
0x8d5de98a8000  99  99  2   ipv6_addrconf   Disabled
0x8d5dea6d2c40  100 100 2   krfcommd    Disabled
0x8d5de9af8000  117 117 2   kworker/2:2 Disabled
0x8d5de9afac40  118 118 2   sugov:0 Disabled
0x8d5de98abb00  119 119 2   sugov:1 Disabled
0x8d5de98ae740  120 120 2   sugov:2 Disabled
0x8d5de98aac40  121 121 2   kworker/3:2 Disabled
0x8d5de98ac9c0  122 122 2   sugov:3 Disabled
0x8d5de98ad880  123 123 2   md  Disabled
0x8d5de9afc9c0  126 126 2   kworker/1:2 Disabled
0x8d5deafcd880  127 127 2   kworker/3:1H    Disabled
0x8d5deafcc9c0  128 128 2   kworker/0:1H    Disabled
0x8d5de9afd880  129 129 2   kworker/1:1H    Disabled
0x8d5de9af8ec0  130 130 2   kworker/2:1H    Disabled
0x8d5de9af9d80  131 131 2   hwrng   Disabled
0x8d5de9afbb00  132 132 2   jbd2/vdd1-8 Disabled
0x8d5de6258000  133 133 2   ext4-rsv-conver Disabled
0x8d5de625bb00  134 134 2   kdmflush    Disabled
0x8d5de625e740  135 135 2   kdmflush    Disabled
0x8d5deafcac40  136 136 2   kdmflush    Disabled
0x8d5deafce740  137 137 2   kdmflush    Disabled
0x8d5deafcbb00  138 138 2   kdmflush    Disabled
0x8d5deafc8000  139 139 2   kverityd    Disabled
0x8d5deafbd880  141 141 2   ext4-rsv-conver Disabled
0x8d5de9a70ec0  144 144 2   ext4-rsv-conver Disabled
0x8d5deafbc9c0  145 145 2   ext4-rsv-conver Disabled
0x8d5de9a75880  146 146 2   ext4-rsv-conver Disabled
0x8d5de625c9c0  149 149 1   init    Disabled
0x8d5de5785880  151 151 1   ueventd Disabled
0x8d5de9a749c0  159 159 2   loop0   Disabled
0x8d5deafbe740  160 160 2   ext4-rsv-conver Disabled
0x8d5de6259d80  161 161 2   loop1   Disabled
0x8d5de6258ec0  162 162 2   ext4-rsv-conver Disabled
0x8d5de3d40ec0  163 163 2   loop2   Disabled
0x8d5de3d41d80  164 164 2   ext4-rsv-conver Disabled
0x8d5de3d40000  165 165 2   loop3   Disabled
0x8d5de57849c0  166 166 2   ext4-rsv-conver Disabled
0x8d5de9a72c40  167 167 2   loop4   Disabled
0x8d5de9a76740  168 168 2   ext4-rsv-conver Disabled
0x8d5de9a73b00  169 169 2   loop5   Disabled
0x8d5dea6d5880  170 170 2   ext4-rsv-conver Disabled
0x8d5deafb8ec0  176 176 1   logd    Disabled
0x8d5deafb9d80  177 177 1   lmkd    Disabled
0x8d5deafb8000  178 178 1   servicemanager  Disabled
0x8d5dea6d1d80  179 179 1   hwservicemanage Disabled
0x8d5de3d43b00  181 181 2   psimon  Disabled
0x8d5deafbac40  186 186 1   qemu-props  Disabled
0x8d5de3d46740  187 187 1   Binder:187_2    Disabled
0x8d5de3d45880  195 195 1   keymaster@4.1-s Disabled
0x8d5de28eac40  197 197 2   kdmflush    Disabled
0x8d5de28ec9c0  201 201 2   kworker/u9:2    Disabled
0x8d5dea6d0000  208 208 2   jbd2/dm-5-8 Disabled
0x8d5dea6d6740  209 209 2   ext4-rsv-conver Disabled
0x8d5deaf72c40  212 212 1   suspend@1.0-ser Disabled
0x8d5deaf76740  213 213 1   atrace@1.0-serv Disabled
0x8d5de28e8ec0  226 226 2   loop6   Disabled
0x8d5de28e9d80  228 228 2   ext4-rsv-conver Disabled
0x8d5de281ac40  229 229 2   loop7   Disabled
0x8d5de28e8000  230 230 2   ext4-rsv-conver Disabled
0x8d5de28ebb00  231 231 2   loop8   Disabled
0x8d5de28ee740  232 232 2   ext4-rsv-conver Disabled
0x8d5de10c8000  233 233 2   loop9   Disabled
0x8d5de10cbb00  234 234 2   ext4-rsv-conver Disabled
0x8d5de10ce740  235 235 2   loop10  Disabled
0x8d5de10cac40  236 236 2   ext4-rsv-conver Disabled
0x8d5de10cc9c0  237 237 2   loop11  Disabled
0x8d5de281e740  238 238 2   ext4-rsv-conver Disabled
0x8d5de281c9c0  239 239 2   loop12  Disabled
0x8d5de281bb00  240 240 2   ext4-rsv-conver Disabled
0x8d5de281d880  241 241 2   loop13  Disabled
0x8d5deaf70000  242 242 2   ext4-rsv-conver Disabled
0x8d5deaf71d80  243 243 2   loop14  Disabled
0x8d5de10cd880  244 244 2   ext4-rsv-conver Disabled
0x8d5de10c8ec0  245 245 2   loop15  Disabled
0x8d5de10c9d80  246 246 2   ext4-rsv-conver Disabled
0x8d5de0aee740  247 247 2   loop16  Disabled
0x8d5de0aeac40  248 248 2   ext4-rsv-conver Disabled
0x8d5de0aec9c0  249 249 2   loop17  Disabled
0x8d5de0aed880  250 250 2   ext4-rsv-conver Disabled
0x8d5de0ae8ec0  251 251 2   loop18  Disabled
0x8d5deaf70ec0  252 252 2   ext4-rsv-conver Disabled
0x8d5deaf73b00  253 253 2   loop19  Disabled
0x8d5de0ae9d80  254 254 2   ext4-rsv-conver Disabled
0x8d5deaf6bb00  255 255 2   loop20  Disabled
0x8d5deaf68000  256 256 2   ext4-rsv-conver Disabled
0x8d5deaf68ec0  257 257 2   loop21  Disabled
0x8d5de0be2c40  258 258 2   ext4-rsv-conver Disabled
0x8d5de0be5880  259 259 2   loop22  Disabled
0x8d5de0ae8000  260 260 2   ext4-rsv-conver Disabled
0x8d5de0be0ec0  261 261 2   loop23  Disabled
0x8d5de0be1d80  262 262 2   ext4-rsv-conver Disabled
0x8d5de0be0000  263 263 2   loop24  Disabled
0x8d5de0be3b00  264 264 2   ext4-rsv-conver Disabled
0x8d5de0be6740  265 265 2   loop25  Disabled
0x8d5de0be49c0  266 266 2   ext4-rsv-conver Disabled
0x8d5de0841d80  267 267 2   loop26  Disabled
0x8d5de0840000  268 268 2   ext4-rsv-conver Disabled
0x8d5de0843b00  269 269 2   loop27  Disabled
0x8d5de2818000  270 270 2   ext4-rsv-conver Disabled
0x8d5deaf69d80  282 282 1   magiskd Disabled
0x8d5de1f10ec0  289 289 1   createns    Disabled
0x8d5deaf6ac40  294 294 1   tombstoned  Disabled
0x8d5de0840ec0  299 299 1   Binder:299_2    Disabled
0x8d5de1f10000  300 300 1   Binder:300_4    Disabled
0x8d5de1f12c40  301 301 1   main    Disabled
0x8d5de1f149c0  302 302 1   main    Disabled
0x8d5de3d42c40  306 306 1   allocator@1.0-s Disabled
0x8d5de3ec6740  307 307 1   audio.service.r Disabled
0x8d5de3ec2c40  308 308 1   authsecret@1.0- Disabled
0x8d5deaf25880  309 309 1   bluetooth@1.1-s Disabled
0x8d5deaf22c40  310 310 1   provider@2.4-se Disabled
0x8d5deaf26740  311 311 1   provider@2.6-se Disabled
0x8d5deaf21d80  312 312 1   cas@1.2-service Disabled
0x8d5deaf20ec0  313 313 1   contexthub@1.1- Disabled
0x8d5de08449c0  314 314 1   drm@1.0-service Disabled
0x8d5deaf249c0  315 315 1   drm@1.3-service Disabled
0x8d5de3ec49c0  316 316 1   drm@1.3-service Disabled
0x8d5de0c9bb00  317 317 1   gatekeeper@1.0- Disabled
0x8d5de0c9e740  318 318 1   allocator@3.0-s Disabled
0x8d5de0c9ac40  319 319 1   composer@2.3-se Disabled
0x8d5de0c9c9c0  320 320 1   health@2.1-serv Disabled
0x8d5de0c9d880  321 321 1   neuralnetworks@ Disabled
0x8d5de0c98ec0  322 322 1   neuralnetworks@ Disabled
0x8d5de0c99d80  323 323 1   neuralnetworks@ Disabled
0x8d5de05149c0  324 324 300 iptables-restor Disabled
0x8d5de0515880  325 325 300 ip6tables-resto Disabled
0x8d5de0c98000  327 327 1   neuralnetworks@ Disabled
0x8d5de0652c40  328 328 1   neuralnetworks@ Disabled
0x8d5de06549c0  329 329 1   stats@1.0-servi Disabled
0x8d5de0655880  330 330 1   sensors@2.1-ser Disabled
0x8d5de0650ec0  331 331 1   thermal@2.0-ser Disabled
0x8d5de0651d80  332 332 1   usb@1.0-service Disabled
0x8d5de0650000  333 333 1   wifi@1.0-servic Disabled
0x8d5de0653b00  334 334 1   android.hardwar Disabled
0x8d5de0656740  336 336 1   android.hardwar Disabled
0x8d5ddd05e740  338 338 1   android.hardwar Disabled
0x8d5ddd05ac40  340 340 1   android.hardwar Disabled
0x8d5ddd058ec0  348 348 1   android.hardwar Disabled
0x8d5ddd311d80  369 369 1   audioserver Disabled
0x8d5ddd310000  374 374 1   credstore   Disabled
0x8d5ddd313b00  376 376 1   Binder:376_2    Disabled
0x8d5ddd316740  379 379 1   surfaceflinger  Disabled
0x8d5dda098000  390 390 1   logcat  Disabled
0x8d5dda31bb00  414 414 1   adbd    Disabled
0x8d5dd71e5880  422 422 1   traced_probes   Disabled
0x8d5dd71e0ec0  423 423 1   traced  Disabled
0x8d5dd71e0000  434 434 1   mdnsd   Disabled
0x8d5dd734e740  436 436 1   cameraserver    Disabled
0x8d5dd734ac40  437 437 1   drmserver   Disabled
0x8d5dd734d880  439 439 1   Binder:439_2    Disabled
0x8d5dd7348ec0  440 440 1   Binder:440_2    Disabled
0x8d5dd358c9c0  442 442 1   Binder:442_2    Disabled
0x8d5dd358d880  443 443 1   keystore    Disabled
0x8d5dd3588ec0  444 444 1   mediaextractor  Disabled
0x8d5dd3589d80  445 445 1   mediametrics    Disabled
0x8d5dd3588000  446 446 1   mediaserver Disabled
0x8d5dd358bb00  447 447 1   storaged    Disabled
0x8d5dd358e740  448 448 1   wificond    Disabled
0x8d5dd358ac40  449 449 1   omx@1.0-service Disabled
0x8d5dd2051d80  450 450 1   libgoldfish-ril Disabled
0x8d5dd2050000  453 453 1   mediaswcodec    Disabled
0x8d5dd2056740  456 456 1   gatekeeperd Disabled
0x8d5dd36b9d80  460 460 1   face@1.0-servic Disabled
0x8d5dd36b8000  463 463 1   fingerprint@2.1 Disabled
0x8d5dd2050ec0  492 492 1   netmgr  Disabled
0x8d5dd2015880  494 494 1   wifi_forwarder  Disabled
0x8d5dd20549c0  500 500 1   hostapd_nohidl  Disabled
0x8d5dd36bc9c0  504 504 1   dhcpclient  Disabled
0x8d5dd37a1d80  531 531 301 Binder:531_3    Disabled
0x8d5dc52dac40  603 603 1   classifier@1.0- Disabled
0x8d5db9cf8ec0  669 669 1   wpa_supplicant  Disabled
0x8d5db9cf0000  671 671 301 droid.bluetooth Disabled
0x8d5db9e949c0  689 689 301 ndroid.systemui Disabled
0x8d5ddd03bb00  782 782 1   gnss@2.0-servic Disabled
0x8d5db7345880  835 835 302 webview_zygote  Disabled
0x8d5db9efbb00  869 869 301 rkstack.process Disabled
0x8d5dbd1ee740  889 889 442 iorap.prefetche Disabled
0x8d5db731e740  903 903 301 com.android.se  Disabled
0x8d5db71c5880  936 936 301 m.android.phone Disabled
0x8d5db70e0000  961 961 301 id.ext.services Disabled
0x8d5daf4c8ec0  1061    1061    301 s.nexuslauncher Disabled
0x8d5daf4c3b00  1187    1187    301 .gms.persistent Disabled
0x8d5db73449c0  1425    1425    301 rs.media.module Disabled
0x8d5dbd331d80  1482    1482    301 hbox:interactor Disabled
0x8d5da42c1d80  1518    1518    301 .ims.rcsservice Disabled
0x8d5da60a8000  1542    1542    301 or.multidisplay Disabled
0x8d5d9e943b00  1594    1594    301 ocess.gservices Disabled
0x8d5d9ca38000  1640    1640    301 earchbox:search Disabled
0x8d5d9ca2c9c0  1751    1751    301 gle.android.gms Disabled
0x8d5d933b3b00  1874    1874    301 android.vending Disabled
0x8d5d98762c40  2867    2867    302 gle.android.ims Disabled
0x8d5d83e16740  3745    3745    301 putmethod.latin Disabled
0x8d5da32b0000  4091    4091    301 oid.setupwizard Disabled
0x8d5d9b2b0ec0  4751    4751    301 ssioncontroller Disabled
0x8d5db2fb1d80  4796    4796    301 d.configupdater Disabled
0x8d5d845b49c0  5405    5405    2   kworker/0:1 Disabled
0x8d5da7506740  5466    5466    2   kworker/2:0 Disabled
0x8d5d83dfac40  5525    5525    301 ndroid.settings Disabled
0x8d5d83e15880  5559    5559    301 gs.intelligence Disabled
0x8d5db2dc5880  5605    5605    2   kworker/3:1 Disabled
0x8d5db2dc6740  5609    5609    2   kworker/u8:0    Disabled
0x8d5db2dc3b00  5611    5611    2   kworker/u8:3    Disabled
0x8d5d85cae740  5618    5618    2   kworker/u9:3    Disabled
0x8d5d80065880  5623    5623    2   kworker/0:0 Disabled
0x8d5d933f8000  5625    5625    2   kworker/1:0 Disabled
0x8d5d85ca8ec0  5825    5825    2   kworker/u8:1    Disabled
0x8d5d8aaa0000  5832    5832    2   kworker/u9:0    Disabled
0x8d5da3138000  5862    5862    414 abb Disabled
0x8d5d8aaa2c40  5870    5870    2   kworker/u8:2    Disabled
0x8d5d8aaa6740  5873    5873    2   kworker/u8:4    Disabled
0x8d5da4350ec0  5883    5883    301 .apps.wellbeing Disabled
0x8d5d85e4d880  5912    5912    301 ackageinstaller Disabled
0x8d5d845e5880  5923    5923    2   kworker/u9:1    Disabled
0x8d5d98761d80  5936    5936    2   kworker/u9:4    Disabled
0x8d5d933b6740  5977    5977    2   kworker/2:1 Disabled
0x8d5d92818000  5982    5982    1   apexd   Disabled
0x8d5d92818ec0  5988    5988    301 armerbb.notepad Disabled
0x8d5db0e5d880  6069    6069    2   kworker/3:0 Disabled
0x8d5d84660ec0  6073    6073    301 oid.documentsui Disabled
0x8d5db2d249c0  6100    6100    301 externalstorage Disabled
0x8d5d85ca9d80  6121    6121    301 d.process.media Disabled
0x8d5d9ead6740  6141    6141    301 m.android.shell Disabled
0x8d5d9eacd880  6161    6161    301 android.traceur Disabled
0x8d5da76eac40  6181    6181    301 droid.apps.docs Disabled
0x8d5d9c96bb00  6278    6278    2   kworker/0:2 Disabled
0x8d5d89fed880  6301    6301    414 sh  Disabled
0x8d5d89fe9d80  6306    6306    6301    su  Disabled
0x8d5da75c1d80  6310    6310    282 sh  Disabled
0x8d5d9c96d880  6326    6326    301 opjohnwu.magisk Disabled
0x8d5dbd619d80  6348    6348    6326    su  Disabled
0x8d5d85cfe740  6351    6351    282 libbusybox.so   Disabled
0x8d5da75c0000  6357    6357    6351    main    Disabled
0x8d5da1e48000  6525    6525    302 oid.apps.photos Disabled
0x8d5d85178ec0  6571    6571    6310    avml    Disabled

[ikelos]

It's possible that the structure has a limit on the number of characters in the comm field (which I believe is a fixed length array). There currently isn't code to locate and reconstruct the full command line of the process, volatility doesn't have that information to display. What it sounds like you're requesting is a feature enhancement to extract additional information as part of the linux.pslist plugin, to get a complete command line. I've updated the issue accordingly...

[yassine955]

Thank you for your reaction! The thing is this. My application is called com.farmerbb.notepad. I generated some data, which I want to find back in volatility 3. How would you access this process, and dump it?

This is the application: https://www.apkmirror.com/apk/braden-farmer/notepad/notepad-3-0-4-release/notepad-3-0-4-android-apk-download/

[eve-mem]

Hello, comm in the task struct is limited to 16 chars in the task struct, which is what's happening here.

You can see it's set here in the kernel and used later in the task_struct https://elixir.bootlin.com/linux/latest/source/include/linux/sched.h#L300

If i remember correctly the psaux plugin should help you.

To dump it you can just add --dump to the pslist command. If you wanted the memory allocations (heap etc) then the proc.Maps plugin with dump should get you the results you need.

[yassine955]

My main concern is to find my application that was running on the device, and to see if I can find it. But the 16 chars is making it hard to find ;(

[eve-mem]

Gove psaux a try.

[yassine955]

This looks way better!

Change the option -r to either pretty or json, works great. The width of these columns are to narrow ;(

Progress:  100.00               Stacking attempts finished                 
PID     PPID    COMM    ARGS

1       0       init    -
2       0       kthreadd        [kthreadd]
3       2       rcu_gp  [rcu_gp]
4       2       rcu_par_gp      [rcu_par_gp]
5       2       kworker/0:0     [kworker/0:0]
6       2       kworker/0:0H    [kworker/0:0H]
7       2       kworker/u8:0    [kworker/u8:0]
8       2       mm_percpu_wq    [mm_percpu_wq]
9       2       kworker/u8:1    [kworker/u8:1]
10      2       rcu_tasks_kthre [rcu_tasks_kthre]
11      2       rcu_tasks_trace [rcu_tasks_trace]
12      2       ksoftirqd/0     [ksoftirqd/0]
13      2       rcu_preempt     [rcu_preempt]
14      2       migration/0     [migration/0]
15      2       cpuhp/0 [cpuhp/0]
16      2       cpuhp/1 [cpuhp/1]
17      2       migration/1     [migration/1]
18      2       ksoftirqd/1     [ksoftirqd/1]
19      2       kworker/1:0     [kworker/1:0]
20      2       kworker/1:0H    [kworker/1:0H]
21      2       cpuhp/2 [cpuhp/2]
22      2       migration/2     [migration/2]
23      2       ksoftirqd/2     [ksoftirqd/2]
24      2       kworker/2:0     [kworker/2:0]
25      2       kworker/2:0H    [kworker/2:0H]
26      2       cpuhp/3 [cpuhp/3]
27      2       migration/3     [migration/3]
28      2       ksoftirqd/3     [ksoftirqd/3]
29      2       kworker/3:0     [kworker/3:0]
30      2       kworker/3:0H    [kworker/3:0H]
31      2       netns   [netns]
32      2       kauditd [kauditd]
33      2       kworker/1:1     [kworker/1:1]
34      2       kworker/2:1     [kworker/2:1]
35      2       khungtaskd      [khungtaskd]
36      2       oom_reaper      [oom_reaper]
37      2       writeback       [writeback]
38      2       kcompactd0      [kcompactd0]
39      2       khugepaged      [khugepaged]
44      2       kworker/3:1     [kworker/3:1]
57      2       cryptd  [cryptd]
85      2       kblockd [kblockd]
86      2       blkcg_punt_bio  [blkcg_punt_bio]
87      2       edac-poller     [edac-poller]
88      2       devfreq_wq      [devfreq_wq]
89      2       watchdogd       [watchdogd]
90      2       kworker/2:1H    [kworker/2:1H]
103     2       kswapd0 [kswapd0]
104     2       kworker/0:1     [kworker/0:1]
105     2       kworker/u9:0    [kworker/u9:0]
106     2       erofs_worker/0  [erofs_worker/0]
107     2       erofs_worker/1  [erofs_worker/1]
108     2       erofs_worker/2  [erofs_worker/2]
109     2       erofs_worker/3  [erofs_worker/3]
111     2       acpi_thermal_pm [acpi_thermal_pm]
112     2       dmabuf-deferred [dmabuf-deferred]
113     2       uas     [uas]
114     2       dm_bufio_cache  [dm_bufio_cache]
115     2       ipv6_addrconf   [ipv6_addrconf]
116     2       krfcommd        [krfcommd]
130     2       kworker/3:2     [kworker/3:2]
133     2       cfg80211        [cfg80211]
134     2       kworker/3:1H    [kworker/3:1H]
135     2       sugov:0 [sugov:0]
136     2       sugov:1 [sugov:1]
137     2       sugov:2 [sugov:2]
138     2       sugov:3 [sugov:3]
143     2       kworker/1:1H    [kworker/1:1H]
144     2       md      [md]
145     2       kworker/1:2     [kworker/1:2]
146     2       kworker/1:3     [kworker/1:3]
147     2       kworker/2:2     [kworker/2:2]
148     2       tpm_dev_wq      [tpm_dev_wq]
149     2       tpm-vtpm        [tpm-vtpm]
150     2       usbip_event     [usbip_event]
151     2       kworker/0:1H    [kworker/0:1H]
152     2       khvcd   [khvcd]
153     2       hwrng   [hwrng]
156     2       jbd2/vdd1-8     [jbd2/vdd1-8]
157     2       ext4-rsv-conver [ext4-rsv-conver]
158     2       kdmflush        [kdmflush]
159     2       kdmflush        [kdmflush]
160     2       kdmflush        [kdmflush]
161     2       kdmflush        [kdmflush]
162     2       kdmflush        [kdmflush]
163     2       kverityd        [kverityd]
164     2       kworker/3:2H    [kworker/3:2H]
165     2       ext4-rsv-conver [ext4-rsv-conver]
166     2       kworker/3:3H    [kworker/3:3H]
167     2       ext4-rsv-conver [ext4-rsv-conver]
168     2       ext4-rsv-conver [ext4-rsv-conver]
169     2       ext4-rsv-conver [ext4-rsv-conver]
170     2       kworker/3:4H    [kworker/3:4H]
172     2       kworker/3:5H    [kworker/3:5H]
173     2       kworker/3:6H    [kworker/3:6H]
174     2       kworker/3:7H    [kworker/3:7H]
175     2       kworker/3:8H    [kworker/3:8H]
177     1       init    -
179     1       ueventd /system/bin/ueventd
188     2       loop0   [loop0]
189     2       loop1   [loop1]
190     2       ext4-rsv-conver [ext4-rsv-conver]
191     2       ext4-rsv-conver [ext4-rsv-conver]
192     2       loop2   [loop2]
193     2       ext4-rsv-conver [ext4-rsv-conver]
194     2       loop3   [loop3]
195     2       ext4-rsv-conver [ext4-rsv-conver]
199     1       logd    /system/bin/logd
200     1       lmkd    /system/bin/lmkd
201     1       servicemanager  -
202     1       hwservicemanage -
203     1       qemu-props      -
204     2       psimon  [psimon]
209     2       kworker/0:2     [kworker/0:2]
210     1       Binder:210_2    -
216     1       suspend@1.0-ser -
217     1       Binder:217_2    -
218     1       atrace@1.0-serv -
219     1       keymaster@4.1-s -
230     2       kdmflush        [kdmflush]
231     2       blk_crypto_wq   [blk_crypto_wq]
234     2       kworker/u9:1    [kworker/u9:1]
235     2       kworker/u9:2    [kworker/u9:2]
236     2       kworker/u9:3    [kworker/u9:3]
240     2       kworker/u9:4    [kworker/u9:4]
241     2       jbd2/dm-5-8     [jbd2/dm-5-8]
242     2       ext4-rsv-conver [ext4-rsv-conver]
251     1       tombstoned      -
259     2       loop4   [loop4]
260     2       loop5   [loop5]
261     2       ext4-rsv-conver [ext4-rsv-conver]
262     2       loop6   [loop6]
263     2       ext4-rsv-conver [ext4-rsv-conver]
264     2       loop7   [loop7]
265     2       ext4-rsv-conver [ext4-rsv-conver]
266     2       ext4-rsv-conver [ext4-rsv-conver]
267     2       loop8   [loop8]
268     2       loop9   [loop9]
269     2       ext4-rsv-conver [ext4-rsv-conver]
270     2       ext4-rsv-conver [ext4-rsv-conver]
271     2       loop10  [loop10]
272     2       loop11  [loop11]
273     2       ext4-rsv-conver [ext4-rsv-conver]
274     2       ext4-rsv-conver [ext4-rsv-conver]
275     2       loop12  [loop12]
276     2       ext4-rsv-conver [ext4-rsv-conver]
277     2       loop13  [loop13]
278     2       ext4-rsv-conver [ext4-rsv-conver]
279     2       loop14  [loop14]
280     2       ext4-rsv-conver [ext4-rsv-conver]
281     2       loop15  [loop15]
282     2       ext4-rsv-conver [ext4-rsv-conver]
283     2       loop16  [loop16]
284     2       ext4-rsv-conver [ext4-rsv-conver]
285     2       loop17  [loop17]
286     2       ext4-rsv-conver [ext4-rsv-conver]
287     2       loop18  [loop18]
288     2       ext4-rsv-conver [ext4-rsv-conver]
289     2       loop19  [loop19]
290     2       ext4-rsv-conver [ext4-rsv-conver]
291     2       loop20  [loop20]
292     2       ext4-rsv-conver [ext4-rsv-conver]
293     2       loop21  [loop21]
294     2       ext4-rsv-conver [ext4-rsv-conver]
295     2       loop22  [loop22]
296     2       ext4-rsv-conver [ext4-rsv-conver]
297     2       loop23  [loop23]
298     2       ext4-rsv-conver [ext4-rsv-conver]
299     2       loop24  [loop24]
300     2       ext4-rsv-conver [ext4-rsv-conver]
301     2       loop25  [loop25]
302     2       ext4-rsv-conver [ext4-rsv-conver]
303     2       loop26  [loop26]
304     2       ext4-rsv-conver [ext4-rsv-conver]
305     2       loop27  [loop27]
306     2       ext4-rsv-conver [ext4-rsv-conver]
307     2       loop28  [loop28]
308     2       ext4-rsv-conver [ext4-rsv-conver]
326     1       magiskd -
343     1       dhcpclient      -
350     1       Binder:350_2    -
351     1       Binder:351_4    /system/bin/netd
352     1       main    -
356     1       allocator@1.0-s -
357     1       audio.service   /vendor/bin/hw/android.hardware.audio.service
358     1       authsecret@1.0- -
359     1       bluetooth@1.1-s -
360     1       provider@2.4-se -
361     1       provider@2.7-se -
362     1       cas@1.2-service -
363     1       contexthub@1.1- -
364     1       drm@1.0-service -
365     1       drm@1.4-service -
366     1       drm@1.4-service -
367     1       gatekeeper@1.0- -
368     1       allocator@3.0-s -
369     1       composer@2.3-se -
370     1       health@2.1-serv -
371     1       c2@1.0-service- -
372     1       neuralnetworks@ -
373     1       neuralnetworks@ -
374     1       neuralnetworks@ -
375     1       neuralnetworks@ -
376     1       neuralnetworks@ -
377     1       stats@1.0-servi -
378     1       sensors@2.1-ser -
381     1       thermal@2.0-ser -
382     1       usb@1.0-service -
385     351     iptables-restor /system/bin/iptables-restore --noflush -w -v
386     351     ip6tables-resto /system/bin/ip6tables-restore --noflush -w -v
390     1       wifi@1.0-servic -
391     1       android.hardwar -
393     1       android.hardwar -
394     1       android.hardwar -
395     1       android.hardwar -
396     1       android.hardwar -
398     1       audioserver     -
399     1       credstore       -
406     1       Binder:406_2    -
411     1       surfaceflinger  -
452     1       adbd    /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
462     1       drmserver       -
466     1       traced_probes   -
467     1       traced  -
469     1       bt_vhci_forward -
472     1       cameraserver    /system/bin/cameraserver
475     1       Binder:475_2    -
476     1       Binder:476_2    -
477     1       mediaextractor  -
479     1       mediametrics    -
487     1       mediaserver     -
488     1       storaged        -
493     1       wificond        -
498     1       libgoldfish-ril -
499     1       mediaswcodec    -
501     1       mdnsd   /system/bin/mdnsd
503     1       gatekeeperd     -
507     1       face@1.0-servic -
508     1       fingerprint@2.1 -
555     352     system_server   system_server                                                                
641     1       classifier@1.0- -
709     1       wpa_supplicant  -
711     352     droid.bluetooth -
712     352     ndroid.systemui -
773     1       gnss@2.0-servic -
804     352     webview_zygote  -
814     352     rkstack.process com.android.networkstack.process                                             
862     352     com.android.se  -
889     352     m.android.phone -
912     352     id.ext.services -
1049    352     s.nexuslauncher -
1100    352     .gms.persistent -
1270    2       kworker/u8:2    [kworker/u8:2]
1368    352     gle.android.gms com.google.android.gms                                                       
1388    352     rs.media.module com.google.android.providers.media.module                                    
1407    352     ocess.gservices -
1409    352     hbox:interactor -
1429    352     s.messaging:rcs -
1455    352     or.multidisplay -
1600    352     earchbox:search -
1802    352     .apps.messaging -
2383    352     putmethod.latin -
3554    352     ogle.android.gm -
3934    352     oid.setupwizard -
4309    352     .android.dialer -
4588    352     .android.chrome com.android.chrome                                                           
4645    352     d.chrome_zygote -
4669    352     ileged_process0 com.android.chrome:privileged_process0                                       
4811    2       kworker/u8:3    [kworker/u8:3]
5044    2       kworker/0:3     [kworker/0:3]
5045    2       kworker/3:9H    [kworker/3:9H]
5072    2       kworker/3:10H   [kworker/3:10H]
5086    352     tatementservice com.android.statementservice                                                 
5087    352     viders.calendar com.android.providers.calendar                                               
5129    352     droid.apps.maps com.google.android.apps.maps                                                 
5167    352     oid.apps.photos com.google.android.apps.photos                                               
5212    352     .apps.wellbeing com.google.android.apps.wellbeing                                            
5244    352     s.youtube.music com.google.android.apps.youtube.music                                        
5312    352     ndroid.calendar com.google.android.calendar                                                  
5427    352     droid.deskclock com.google.android.deskclock                                                 
5458    352     gle.android.tts com.google.android.tts                                                       
5500    352     android.youtube com.google.android.youtube                                                   
5610    4645    ocessService0:1 com.android.chrome:sandboxed_process0:org.chromium.content.app.SandboxedProce
5655    352     ndroid.settings com.android.settings                                                         
5684    352     gs.intelligence com.google.android.settings.intelligence                                     
5709    352     ssioncontroller com.google.android.permissioncontroller                                      
5767    352     d.process.acore android.process.acore                                                        
5790    452     sh      -/system/bin/sh
5792    5790    su      su
5795    328     sh      /system/bin/sh
5797    5795    avml    /data/local/tmp/avml /data/local/tmp/avml_dump.lime
5811    352     opjohnwu.magisk -
5830    5827    su      -
5834    4857    libbusybox.so   /data/app/~~GwPaygLd0WVVplNtSDzeMQ==/com.topjohnwu.magisk-PPj1dVGKSBQo1QTAOaJqdQ==/lib/x86_64/libbusybox.so sh
5840    5834    main    com.topjohnwu.magisk:root    

[eve-mem]

Great stuff, did this manage to fix your issue?

[yassine955]

Much better!