我试图找出一个特定的进程在OS X机器上执行的过程(包括参数)。 我之前没有使用DTrace,但认为它应该是微不足道的。 找了个例子,我发现这个,看起来和我想要的完全一样:
$ sudo dtrace -n 'proc:::exec-success { trace(curpsinfo->pr_psargs); }' 只是,它不能正常工作。 列出该命令的网站之一有示例输出,看起来很完美,但是当我尝试在OS X上运行它时,我得到以下内容:
dtrace: description 'proc:::exec-success ' matched 2 probes CPU ID FUNCTION:NAME 0 18616 posix_spawn:exec-success 0 1 2 3 4 5 6 7 8 9 abcdef 0123456789abcdef 0: 6d 64 77 6f 72 6b 65 72 00 73 6b 00 00 00 00 00 mdworker.sk..... 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 30: 00 00 00 00 70 e5 20 0a 00 00 00 00 01 00 00 00 ....p. ......... 40: 00 00 00 00 00 00 00 00 00 00 00 00 cc 42 1c 0a .............B.. 0 18610 __mac_execve:exec-success 0 1 2 3 4 5 6 7 8 9 abcdef 0123456789abcdef 0: 67 2b 2b 2d 34 2e 30 00 61 73 6b 00 00 00 00 00 g++-4.0.ask..... 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 30: 00 00 00 00 e0 e1 20 0a 00 00 00 00 01 00 00 00 ...... ......... 40: 00 00 00 00 00 00 00 00 00 00 00 00 8c 4d 7b 0b .............M{. 0 18610 __mac_execve:exec-success 0 1 2 3 4 5 6 7 8 9 abcdef 0123456789abcdef 0: 69 36 38 36 2d 61 70 70 6c 65 2d 64 61 72 77 69 i686-apple-darwi 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 30: 00 00 00 00 e0 e1 20 0a 00 00 00 00 01 00 00 00 ...... ......... 40: 00 00 00 00 00 00 00 00 00 00 00 00 14 8a 7b 0b ..............{. 3 18610 __mac_execve:exec-success 0 1 2 3 4 5 6 7 8 9 abcdef 0123456789abcdef 0: 63 6f 6c 6c 65 63 74 32 00 70 70 6c 65 2d 64 61 collect2.pple-da 10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 30: 00 00 00 00 f0 e3 20 0a 00 00 00 00 01 00 00 00 ...... ......... 40: 00 00 00 00 00 00 00 00 00 00 00 00 78 70 7b 0b ............xp{.
即只有argv [0]显示随机垃圾后。 另外,如果argv [0]长于16个字符,它将被截断!
有没有办法让DTrace在OS X上做我想做的事? 还是有其他的方式来find命令和参数在OS X上的东西被称为?
谢谢。
Snow Leopard附带一个名为/usr/bin/newproc.d的DTrace示例脚本。 它确实希望你想 – 但只有全球。 要限制它到一个单一的过程,你可以尝试这样的事情:
cp /usr/bin/newproc.d ~/newproc.d
通过更改以下行添加一个新的谓词
19: proc:::exec-success 20: {
进入这个:
19: proc:::exec-success 20: / ppid == $target / 21: {
现在执行这个新的脚本:
sudo ~/newproc.d -p <PID>
PID是要观察的进程的进程ID。 请告诉我,这是否适合你。 我只用bash过程简单地testing了一下。