Mirror of https://github.com/opnsense/src.git, synced 2026-04-14 13:57:02 -04:00
null-separated strings to a single string. This can be used to print the
full arguments of a process using execsnoop (from the DTrace toolkit) or
with the following one-liner:

    dtrace -n 'syscall::execve:return {trace(curpsinfo->pr_psargs);}'

Note that this relies on the process arguments being cached via the struct
proc, which means that it will not work for argvs longer than
kern.ps_arg_cache_limit. However, the following rather non-portable
script can be used to extract any argv at exec time:

    fbt::kern_execve:entry
    {
        printf("%s", memstr(args[1]->begin_argv, ' ',
            args[1]->begin_envv - args[1]->begin_argv));
    }

The debug.dtrace.memstr_max sysctl limits the maximum argument size to
memstr(). Thanks to Brendan Gregg for helpful comments on freebsd-dtrace.

Tested by: Fabian Keil (earlier version)
MFC after: 2 weeks

| File |
|---|
| errno.d |
| io.d |
| ip.d |
| libproc_compat.h |
| Makefile |
| net.d |
| nfs.d |
| nfssrv.d |
| psinfo.d |
| regs_x86.d |
| sched.d |
| signal.d |
| tcp.d |
| udp.d |
| unistd.d |