bcantrill/gist:5dabd838b7f3ce0bfde8a4934a39cc0d

## gistfile1.txt
root@1eec2cd3-2cba-e416-e1b6-845b715b736c:~# dtrace -n lx-syscall:::entry'/progenyof($target)/{@[probefunc] = count()}' -c "powershell Get-Process > /dev/null"
dtrace: description 'lx-syscall:::entry' matched 676 probes
dtrace: pid 60025 has exited

  arch_prctl                                                        1
  exit_group                                                        1
  getppid                                                           1
  getuid                                                            1
  mincore                                                           1
  mlock                                                             1
  set_tid_address                                                   1
  exit                                                              2
  getsid                                                            2
  mknod                                                             2
  setrlimit                                                         2
  uname                                                             2
  unlink                                                            2
  getrusage                                                         3
  poll                                                              3
  sched_get_priority_max                                            3
  sched_get_priority_min                                            3
  sched_getparam                                                    3
  sched_getscheduler                                                3
  sched_setscheduler                                                3
  getcwd                                                            4
  madvise                                                           4
  getrlimit                                                         5
  connect                                                           6
  socket                                                            6
  readlink                                                          8
  pipe                                                             10
  ioctl                                                            11
  clone                                                            12
  set_robust_list                                                  13
  rt_sigaction                                                     25
  statfs                                                           27
  brk                                                              29
  access                                                           32
  write                                                            42
  sched_getaffinity                                                48
  msync                                                            72
  dup                                                              77
  fcntl                                                           129
  sched_yield                                                     151
  geteuid                                                         154
  openat                                                          203
  getdents                                                        204
  fstatat64                                                       210
  gettid                                                          397
  lseek                                                           568
  flock                                                           634
  close                                                           670
  open                                                            700
  fstat                                                           790
  read                                                           1230
  lstat                                                          1465
  rt_sigprocmask                                                 2527
  futex                                                          3892
  munmap                                                         4191
  mmap                                                           4387
  mprotect                                                       7130
  stat                                                          12253

## gistfile2.txt
root@1eec2cd3-2cba-e416-e1b6-845b715b736c:~# dtrace -n lx-syscall:::entry'/progenyof($target)/{@[probefunc] = count()}' -c "bash -c ps"
dtrace: description 'lx-syscall:::entry' matched 676 probes
  PID TTY          TIME CMD
61804 pts/7    00:00:00 ps
61309 pts/7    00:00:00 bash
61248 pts/7    00:00:00 login
61802 pts/7    00:00:00 dtrace
dtrace: pid 61804 has exited

  execve                                                            1
  exit_group                                                        1
  getpeername                                                       1
  getpgrp                                                           1
  getpid                                                            1
  getppid                                                           1
  getrlimit                                                         1
  openat                                                            1
  arch_prctl                                                        2
  getdents                                                          2
  ioctl                                                             2
  lseek                                                             2
  readlink                                                          4
  rt_sigprocmask                                                    4
  uname                                                             4
  munmap                                                            5
  write                                                             5
  getegid                                                          10
  getgid                                                           10
  getuid                                                           10
  geteuid                                                          11
  fstat                                                            14
  mprotect                                                         15
  access                                                           17
  brk                                                              18
  mmap                                                             31
  rt_sigaction                                                     34
  stat                                                             62
  read                                                             75
  close                                                            82
  open                                                             95
	root@1eec2cd3-2cba-e416-e1b6-845b715b736c:~# dtrace -n lx-syscall:::entry'/progenyof($target)/{@[probefunc] = count()}' -c "powershell Get-Process > /dev/null"
	dtrace: description 'lx-syscall:::entry' matched 676 probes
	dtrace: pid 60025 has exited

	arch_prctl 1
	exit_group 1
	getppid 1
	getuid 1
	mincore 1
	mlock 1
	set_tid_address 1
	exit 2
	getsid 2
	mknod 2
	setrlimit 2
	uname 2
	unlink 2
	getrusage 3
	poll 3
	sched_get_priority_max 3
	sched_get_priority_min 3
	sched_getparam 3
	sched_getscheduler 3
	sched_setscheduler 3
	getcwd 4
	madvise 4
	getrlimit 5
	connect 6
	socket 6
	readlink 8
	pipe 10
	ioctl 11
	clone 12
	set_robust_list 13
	rt_sigaction 25
	statfs 27
	brk 29
	access 32
	write 42
	sched_getaffinity 48
	msync 72
	dup 77
	fcntl 129
	sched_yield 151
	geteuid 154
	openat 203
	getdents 204
	fstatat64 210
	gettid 397
	lseek 568
	flock 634
	close 670
	open 700
	fstat 790
	read 1230
	lstat 1465
	rt_sigprocmask 2527
	futex 3892
	munmap 4191
	mmap 4387
	mprotect 7130
	stat 12253
	root@1eec2cd3-2cba-e416-e1b6-845b715b736c:~# dtrace -n lx-syscall:::entry'/progenyof($target)/{@[probefunc] = count()}' -c "bash -c ps"
	dtrace: description 'lx-syscall:::entry' matched 676 probes
	PID TTY TIME CMD
	61804 pts/7 00:00:00 ps
	61309 pts/7 00:00:00 bash
	61248 pts/7 00:00:00 login
	61802 pts/7 00:00:00 dtrace
	dtrace: pid 61804 has exited

	execve 1
	exit_group 1
	getpeername 1
	getpgrp 1
	getpid 1
	getppid 1
	getrlimit 1
	openat 1
	arch_prctl 2
	getdents 2
	ioctl 2
	lseek 2
	readlink 4
	rt_sigprocmask 4
	uname 4
	munmap 5
	write 5
	getegid 10
	getgid 10
	getuid 10
	geteuid 11
	fstat 14
	mprotect 15
	access 17
	brk 18
	mmap 31
	rt_sigaction 34
	stat 62
	read 75
	close 82
	open 95