D program to sniff all access to a file.

sniffFileAccess

#! /usr/sbin/dtrace -s
#pragma D option quiet

 dtrace:::BEGIN 
{
  self->start = 0;
}

syscall::write:entry,
syscall::write_nocancel:entry,
syscall::read:entry,
syscall::read_nocancel:entry
/$$1 == fds[arg0].fi_name/
{
	self->start = 1;
	self->arg0 = arg0;
	self->arg1 = arg1;
	self->arg2 = arg2;
}

syscall::write:return,
syscall::write_nocancel:return,
syscall::read:return,
syscall::read_nocancel:return
/self->start != 0 && arg0 == -1/
{
	self->start = 0;
}

syscall::write:return,
syscall::write_nocancel:return,
syscall::read:return,
syscall::read_nocancel:return
/self->start != 0 && arg0 != -1/
{
	this->content = (char*) copyin(self->arg1,arg0);
	printf("%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c", this->content[0],this->content[1],this->content[2],this->content[3],this->content[4],this->content[5],this->content[6],this->content[7],this->content[8],this->content[9],this->content[10],this->content[11],this->content[12],this->content[13],this->content[14],this->content[15],this->content[16],this->content[17],this->content[18],this->content[19],this->content[20],this->content[21],this->content[22],this->content[23],this->content[24],this->content[25],this->content[26],this->content[27],this->content[28],this->content[29],this->content[30],this->content[31],this->content[32],this->content[33],this->content[34],this->content[35],this->content[36],this->content[37],this->content[38],this->content[39],this->content[40],this->content[41],this->content[42],this->content[43],this->content[44],this->content[45],this->content[46],this->content[47],this->content[48],this->content[49],this->content[50],this->content[51],this->content[52],this->content[53],this->content[54],this->content[55],this->content[56],this->content[57],this->content[58],this->content[59],this->content[60],this->content[61],this->content[62],this->content[63]);
}