Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Journal of jjore (6662)

Saturday April 18, 2009
12:59 PM

Useless "strace -e trace=execve" args on Mac OS X?!

[ #38825 ]

On a Mac, the job of strace is handled by DTrace scripts. I get it. It's awesome. The curpsinfo->pr_psargs char[] is supposed to have the process arguments. Apparently this works in all the Solaris examples. On the mac... not so much:

$ sudo dtrace -n 'syscall::exec*: {printf("%s",curpsinfo->pr_psargs)}'
dtrace: description 'syscall::exec*: ' matched 2 probes
CPU     ID                    FUNCTION:NAME
  0  17765                     execve:entry bash
  0  17766                    execve:return emacs
  1  17765                     execve:entry emacs
  1  17766                    execve:return emacs-i386
  1  17765                     execve:entry emacs-i386
  1  17766                    execve:return perl

All of those calls had arguments. For giggles, try trace() instead of prinf()

$ sudo dtrace -n 'syscall::exec*: {trace(curpsinfo->pr_psargs)}'
dtrace: description 'syscall::exec*: ' matched 2 probes
CPU     ID                    FUNCTION:NAME
  1  17765                     execve:entry
             0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f  0123456789abcdef
         0: 65 6d 61 63 73 00 61 6c 00 73 6b 00 00 00 00 00  emacs.al.sk.....
        10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        30: 00 00 00 00 00 46 04 04 00 00 00 00 01 00 00 00  .....F..........
        40: 00 00 00 00 00 00 00 00 00 00 00 00 30 f9 13 07  ............0...

:-( Mac loses?! Freaking annoying.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.