e572bc11ec
null-separated strings to a single string. This can be used to print the
full arguments of a process using execsnoop (from the DTrace toolkit) or
with the following one-liner:
dtrace -n 'syscall::execve:return {trace(curpsinfo->pr_psargs);}'
Note that this relies on the process arguments being cached via the struct
proc, which means that it will not work for argvs longer than
kern.ps_arg_cache_limit. However, the following rather non-portable
script can be used to extract any argv at exec time:
fbt::kern_execve:entry
{
printf("%s", memstr(args[1]->begin_argv, ' ',
args[1]->begin_envv - args[1]->begin_argv));
}
The debug.dtrace.memstr_max sysctl limits the maximum argument size to
memstr(). Thanks to Brendan Gregg for helpful comments on freebsd-dtrace.
Tested by: Fabian Keil (earlier version)
MFC after: 2 weeks
|
||
|---|---|---|
| .. | ||
| amd64 | ||
| i386 | ||
| mips | ||
| powerpc | ||
| dtrace_anon.c | ||
| dtrace_cddl.h | ||
| dtrace_clone.c | ||
| dtrace_debug.c | ||
| dtrace_hacks.c | ||
| dtrace_ioctl.c | ||
| dtrace_load.c | ||
| dtrace_modevent.c | ||
| dtrace_sysctl.c | ||
| dtrace_test.c | ||
| dtrace_unload.c | ||
| dtrace_vtime.c | ||