Skip to content

Instantly share code, notes, and snippets.

@nlitsme

nlitsme/filetrace.d

Last active August 29, 2015 14:08
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nlitsme/8924f7429dc9cad9cd5a to your computer and use it in GitHub Desktop.
Save nlitsme/8924f7429dc9cad9cd5a to your computer and use it in GitHub Desktop.
Download ZIP
trace opened files for all processes in osx
Raw
filetrace.d
#!/usr/sbin/dtrace -s
syscall::open*:entry {
this->exe= execname;
this->file= copyinstr(arg0);
this->mode= arg1;
}
syscall::open*:return {
printf("%4d (%4d) %-20s\tM%07o %s",arg0, errno, this->exe, this->mode, this->file);
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment