Last active
August 29, 2015 14:08
-
-
Save nlitsme/709f98ac8ef8c4e36aed to your computer and use it in GitHub Desktop.
trace executed processes in osx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/sbin/dtrace -s | |
| #pragma D option quiet | |
| syscall::exec*:entry | |
| { | |
| printf("exec %s -> %s\n", execname, copyinstr(arg0)); | |
| } | |
| proc:::exec-failure | |
| { | |
| printf("fail -> %s\n", stringof(curpsinfo->pr_psargs)); | |
| } | |
| syscall::exec*:return | |
| { | |
| this->argp = curpsinfo->pr_argv; | |
| this->argc = curpsinfo->pr_argc; | |
| this->ptrsize = curpsinfo->pr_dmodel == PR_MODEL_ILP32 ? 4 : 8; | |
| this->argndx = 0; | |
| printf("exec%d -> %s\n", this->ptrsize, stringof(curpsinfo->pr_psargs)); | |
| printf("%s", this->argc<=0 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+0*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=1 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+1*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=2 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+2*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=3 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+3*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=4 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+4*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=5 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+5*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=6 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+6*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=7 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+7*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=8 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+8*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=9 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+9*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=10 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+10*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=11 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+11*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=12 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+12*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=13 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+13*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=14 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+14*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=15 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+15*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=16 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+16*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=17 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+17*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=18 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+18*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=19 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+19*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=20 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+20*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=21 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+21*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=22 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+22*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=23 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+23*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=24 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+24*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=25 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+25*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=26 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+26*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=27 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+27*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=28 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+28*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=29 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+29*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=30 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+30*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=31 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+31*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=32 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+32*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=33 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+33*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=34 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+34*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=35 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+35*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=36 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+36*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=37 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+37*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=38 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+38*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=39 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+39*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=40 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+40*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=41 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+41*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=42 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+42*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=43 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+43*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=44 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+44*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=45 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+45*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=46 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+46*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=47 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+47*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=48 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+48*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=49 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+49*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=50 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+50*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=51 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+51*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=52 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+52*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=53 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+53*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=54 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+54*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=55 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+55*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=56 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+56*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=57 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+57*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=58 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+58*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=59 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+59*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=60 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+60*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=61 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+61*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=62 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+62*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=63 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+63*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=64 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+64*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=65 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+65*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=66 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+66*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=67 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+67*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=68 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+68*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=69 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+69*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=70 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+70*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=71 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+71*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=72 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+72*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=73 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+73*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=74 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+74*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=75 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+75*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=76 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+76*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=77 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+77*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=78 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+78*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=79 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+79*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=80 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+80*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=81 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+81*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=82 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+82*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=83 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+83*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=84 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+84*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=85 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+85*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=86 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+86*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=87 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+87*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=88 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+88*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=89 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+89*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=90 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+90*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=91 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+91*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=92 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+92*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=93 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+93*this->ptrsize, this->ptrsize))))); | |
| printf("%s", this->argc<=94 ? "" : strjoin(" ", copyinstr(*((uintptr_t *)copyin(this->argp+94*this->ptrsize, this->ptrsize))))); | |
| printf("\n"); | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment