IO redirection - Used in https://rhardih.io/2017/11/behind-the-scenes-of-shell-io-redirection/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PID/THRD SYSCALL(args) = return | |
| 1436/0x5b3d: write_nocancel(0x2, "\n\0", 0x1) = 1 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x108D3311C, 0x108D33120) = 0x0 0 | |
| 1436/0x5b3d: ioctl(0x0, 0x80487414, 0x108D33038) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x108D33120, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0xF, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0x3, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0xE, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0x12, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0x16, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0x15, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0x1C, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 | |
| 1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC98, 0x7FFF56F5DCC0) = 0 0 | |
| 1436/0x5b3d: stat64(".\0", 0x7FFF56F5E790, 0x7FFF56F5DCC0) = 0 0 | |
| 1436/0x5b3d: stat64("/usr/gnu/bin/cat\0", 0x7FFF56F5E6A0, 0x7FFF56F5DCC0) = -1 Err#2 | |
| 1436/0x5b3d: stat64("/usr/local/bin/cat\0", 0x7FFF56F5E6A0, 0x7FFF56F5DCC0) = -1 Err#2 | |
| 1436/0x5b3d: stat64("/bin/cat\0", 0x7FFF56F5E6A0, 0x7FFF56F5DCC0) = 0 0 | |
| 1436/0x5b3d: stat64("/bin/cat\0", 0x7FFF56F5E6E0, 0x7FFF56F5DCC0) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E864, 0x7FFF56F5E860) = 0x0 0 | |
| dtrace: error on enabled probe ID 2018 (ID 260: syscall::execve:return): invalid address (0x7fb1f340e340) in action #12 at DIF offset 24 | |
| 1436/0x5b3d: fork() = 1458 0 | |
| 1436/0x5b3d: setpgid(0x5B2, 0x5B2, 0x7FFF56F5E860) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E860, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E85C, 0x7FFF56F5E858) = 0x0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E82C, 0x7FFF56F5E828) = 0x0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5E77C) = 0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x80047476, 0x7FFF56F5E7FC) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E828, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E858, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E864, 0x7FFF56F5E860) = 0x0 0 | |
| 1458/0x5c1d: fork() = 0 0 | |
| 1458/0x5c1d: thread_selfid(0x0, 0x0, 0x0) = 23581 0 | |
| 1458/0x5c1d: bsdthread_register(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = -1 Err#22 | |
| 1458/0x5c1d: getpid(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = 1458 0 | |
| 1458/0x5c1d: sigprocmask(0x3, 0x108D30EF8, 0x0) = 0x0 0 | |
| 1458/0x5c1d: sigaction(0x12, 0x7FFF56F5E7F8, 0x7FFF56F5E820) = 0 0 | |
| 1458/0x5c1d: sigaction(0x15, 0x7FFF56F5E7F8, 0x7FFF56F5E820) = 0 0 | |
| 1458/0x5c1d: sigaction(0x16, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: setpgid(0x5B2, 0x5B2, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: sigprocmask(0x1, 0x7FFF56F5E83C, 0x7FFF56F5E838) = 0x0 0 | |
| 1458/0x5c1d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5E78C) = 0 0 | |
| 1458/0x5c1d: ioctl(0xFF, 0x80047476, 0x7FFF56F5E80C) = 0 0 | |
| 1458/0x5c1d: sigprocmask(0x3, 0x7FFF56F5E838, 0x0) = 0x0 0 | |
| 1458/0x5c1d: sigaction(0x2, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: sigaction(0x3, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: sigaction(0xF, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: sigaction(0x14, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: open("bar.txt\0", 0x601, 0x1B6) = 3 0 | |
| 1458/0x5c1d: dup2(0x3, 0x1, 0x1B6) = 1 0 | |
| 1458/0x5c1d: close(0x3) = 0 0 | |
| 1458/0x5c1d: thread_selfid(0x7FB1F340E340, 0x7FB1F340E450, 0x7FB1F3502140) = 23581 0 | |
| 1458/0x5c1d: csops(0x0, 0x0, 0x7FFF5D3A7DC0) = 0 0 | |
| 1458/0x5c1d: csrctl(0x0, 0x7FFF5D3A7CFC, 0x4) = -1 Err#1 | |
| 1458/0x5c1d: shared_region_check_np(0x7FFF5D3A5CC8, 0x7FFF5D3A7CFC, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/libSystem.B.dylib\0", 0x7FFF5D3A7088, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libcache.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libdyld.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/liblaunch.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libmacho.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_coretls.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_kernel.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_network.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_platform.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_pthread.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libunc.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libunwind.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/system/libxpc.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/libobjc.A.dylib\0", 0x7FFF5D3A5F78, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/libauto.dylib\0", 0x7FFF5D3A5F78, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/libc++abi.dylib\0", 0x7FFF5D3A5E58, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/libc++.1.dylib\0", 0x7FFF5D3A5E58, 0x4) = 0 0 | |
| 1458/0x5c1d: stat64("/usr/lib/libDiagnosticMessagesClient.dylib\0", 0x7FFF5D3A5D48, 0x4) = 0 0 | |
| 1458/0x5c1d: open("/dev/dtracehelper\0", 0x2, 0x7FFF5D3A7C80) = 3 0 | |
| 1458/0x5c1d: ioctl(0x3, 0x80086804, 0x7FFF5D3A7C08) = 0 0 | |
| 1458/0x5c1d: close(0x3) = 0 0 | |
| 1458/0x5c1d: sysctl(0x7FFF5D3A73D0, 0x2, 0x7FFF5D3A73E0) = 0 0 | |
| 1458/0x5c1d: thread_selfid(0x7FFF5D3A73D0, 0x2, 0x7FFF5D3A73E0) = 23581 0 | |
| 1458/0x5c1d: bsdthread_register(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = 1073741887 0 | |
| 1458/0x5c1d: mprotect(0x10285E000, 0x88, 0x1) = 0 0 | |
| 1458/0x5c1d: mprotect(0x102860000, 0x1000, 0x0) = 0 0 | |
| 1458/0x5c1d: mprotect(0x102876000, 0x1000, 0x0) = 0 0 | |
| 1458/0x5c1d: mprotect(0x102877000, 0x1000, 0x0) = 0 0 | |
| 1458/0x5c1d: mprotect(0x10288D000, 0x1000, 0x0) = 0 0 | |
| 1458/0x5c1d: mprotect(0x10288E000, 0x1000, 0x1) = 0 0 | |
| 1458/0x5c1d: mprotect(0x10285E000, 0x88, 0x3) = 0 0 | |
| 1458/0x5c1d: mprotect(0x10285E000, 0x88, 0x1) = 0 0 | |
| 1458/0x5c1d: issetugid(0x10285E000, 0x88, 0x1) = 0 0 | |
| 1458/0x5c1d: getpid(0x10285E000, 0x88, 0x1) = 1458 0 | |
| 1458/0x5c1d: stat64("/AppleInternal/XBS/.isChrooted\0", 0x7FFF5D3A7338, 0x1) = -1 Err#2 | |
| 1458/0x5c1d: stat64("/AppleInternal\0", 0x7FFF5D3A72A8, 0x1) = -1 Err#2 | |
| 1458/0x5c1d: csops(0x5B2, 0x7, 0x7FFF5D3A6DC0) = 0 0 | |
| 1458/0x5c1d: sysctl(0x7FFF5D3A7180, 0x4, 0x7FFF5D3A6EF8) = 0 0 | |
| 1458/0x5c1d: csops(0x5B2, 0x7, 0x7FFF5D3A66B0) = 0 0 | |
| 1458/0x5c1d: proc_info(0x2, 0x5B2, 0x11) = 56 0 | |
| 1458/0x5c1d: open("foo.txt\0", 0x0, 0x102858F51) = 3 0 | |
| 1458/0x5c1d: fstat64(0x1, 0x7FFF5D3A8DC0, 0x102858F51) = 0 0 | |
| 1458/0x5c1d: read(0x3, "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod\ntempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At\nvero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,\nno sea takimata ", 0x1000) = 296 0 | |
| 1458/0x5c1d: write(0x1, "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod\ntempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At\nvero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,\nno sea takimata ", 0x128) = 296 0 | |
| 1458/0x5c1d: read(0x3, "\0", 0x1000) = 0 0 | |
| 1458/0x5c1d: close(0x3) = 0 0 | |
| 1458/0x5c1d: getrlimit(0x1008, 0x7FFF5D3A8CD8, 0x1000) = 0 0 | |
| 1458/0x5c1d: close_nocancel(0x1) = 0 0 | |
| 1436/0x5b3d: wait4(0xFFFFFFFF, 0x7FFF56F5E824, 0x12) = 1458 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E83C, 0x7FFF56F5E838) = 0x0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5E78C) = 0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x80047476, 0x7FFF56F5E80C) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E838, 0x0) = 0x0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x40487413, 0x108D31FA0) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E860, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x0, 0x7FFF56F5ECB0) = 0x0 0 | |
| 1436/0x5b3d: sigaltstack(0x0, 0x7FFF56F5ECA0, 0x7FFF56F5ECB0) = 0 0 | |
| 1436/0x5b3d: sigaction(0x2, 0x7FFF56F5EC78, 0x7FFF56F5ECA0) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5DCCC, 0x7FFF56F5DCC8) = 0x0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5DC1C) = 0 0 | |
| 1436/0x5b3d: ioctl(0xFF, 0x80047476, 0x7FFF56F5DC9C) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5DCC8, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC98, 0x7FFF56F5DCC0) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x108D3311C, 0x108D33120) = 0x0 0 | |
| 1436/0x5b3d: ioctl(0x0, 0x40087468, 0x7FFF56F5DBD8) = 0 0 | |
| 1436/0x5b3d: ioctl(0x0, 0x80087467, 0x7FFF56F5DBD8) = 0 0 | |
| 1436/0x5b3d: ioctl(0x0, 0x40487413, 0x7FFF56F5DC48) = 0 0 | |
| 1436/0x5b3d: ioctl(0x0, 0x80487414, 0x7FFF56F5DC48) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x108D33120, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x108D3315C, 0x108D33160) = 0x0 0 | |
| 1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: sigaction(0xF, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: sigaction(0xF, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 | |
| 1436/0x5b3d: sigaction(0x3, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: sigaction(0x3, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 | |
| 1436/0x5b3d: sigaction(0xE, 0x7FFF56F5DC38, 0x7FFF56F5DC70) = 0 0 | |
| 1436/0x5b3d: sigaction(0x12, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: sigaction(0x12, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 | |
| 1436/0x5b3d: sigaction(0x16, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: sigaction(0x16, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 | |
| 1436/0x5b3d: sigaction(0x15, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: sigaction(0x15, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 | |
| 1436/0x5b3d: sigprocmask(0x3, 0x108D33160, 0x0) = 0x0 0 | |
| 1436/0x5b3d: sigaction(0x1C, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 | |
| 1436/0x5b3d: write_nocancel(0x2, "bash-3.2$ \0", 0xA) = 10 0 | |
| 1436/0x5b3d: sigprocmask(0x1, 0x0, 0x7FFF56F5DC90) = 0x0 0 | |
| 1436/0x5b3d: sigaltstack(0x0, 0x7FFF56F5DC80, 0x7FFF56F5DC90) = 0 0 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PID/THRD SYSCALL(args) = return | |
| 1436/0x5b3d: write_nocancel(0x2, "\n\0", 0x1) = 1 0 | |
| dtrace: error on enabled probe ID 2018 (ID 260: syscall::execve:return): invalid address (0x7fb1f340e340) in action #12 at DIF offset 24 | |
| 1436/0x5b3d: fork() = 1458 0 | |
| 1436/0x5b3d: setpgid(0x5B2, 0x5B2, 0x7FFF56F5E860) = 0 0 | |
| 1458/0x5c1d: fork() = 0 0 | |
| 1458/0x5c1d: thread_selfid(0x0, 0x0, 0x0) = 23581 0 | |
| 1458/0x5c1d: bsdthread_register(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = -1 Err#22 | |
| 1458/0x5c1d: getpid(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = 1458 0 | |
| 1458/0x5c1d: setpgid(0x5B2, 0x5B2, 0x7FFF56F5E830) = 0 0 | |
| 1458/0x5c1d: open("bar.txt\0", 0x601, 0x1B6) = 3 0 | |
| 1458/0x5c1d: dup2(0x3, 0x1, 0x1B6) = 1 0 | |
| 1458/0x5c1d: close(0x3) = 0 0 | |
| 1458/0x5c1d: thread_selfid(0x7FB1F340E340, 0x7FB1F340E450, 0x7FB1F3502140) = 23581 0 | |
| 1458/0x5c1d: csops(0x0, 0x0, 0x7FFF5D3A7DC0) = 0 0 | |
| 1458/0x5c1d: csrctl(0x0, 0x7FFF5D3A7CFC, 0x4) = -1 Err#1 | |
| 1458/0x5c1d: shared_region_check_np(0x7FFF5D3A5CC8, 0x7FFF5D3A7CFC, 0x4) = 0 0 | |
| 1458/0x5c1d: open("/dev/dtracehelper\0", 0x2, 0x7FFF5D3A7C80) = 3 0 | |
| 1458/0x5c1d: close(0x3) = 0 0 | |
| 1458/0x5c1d: sysctl(0x7FFF5D3A73D0, 0x2, 0x7FFF5D3A73E0) = 0 0 | |
| 1458/0x5c1d: thread_selfid(0x7FFF5D3A73D0, 0x2, 0x7FFF5D3A73E0) = 23581 0 | |
| 1458/0x5c1d: bsdthread_register(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = 1073741887 0 | |
| 1458/0x5c1d: issetugid(0x10285E000, 0x88, 0x1) = 0 0 | |
| 1458/0x5c1d: getpid(0x10285E000, 0x88, 0x1) = 1458 0 | |
| 1458/0x5c1d: csops(0x5B2, 0x7, 0x7FFF5D3A6DC0) = 0 0 | |
| 1458/0x5c1d: sysctl(0x7FFF5D3A7180, 0x4, 0x7FFF5D3A6EF8) = 0 0 | |
| 1458/0x5c1d: csops(0x5B2, 0x7, 0x7FFF5D3A66B0) = 0 0 | |
| 1458/0x5c1d: proc_info(0x2, 0x5B2, 0x11) = 56 0 | |
| 1458/0x5c1d: open("foo.txt\0", 0x0, 0x102858F51) = 3 0 | |
| 1458/0x5c1d: read(0x3, "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod\ntempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At\nvero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,\nno sea takimata ", 0x1000) = 296 0 | |
| 1458/0x5c1d: write(0x1, "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod\ntempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At\nvero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,\nno sea takimata ", 0x128) = 296 0 | |
| 1458/0x5c1d: read(0x3, "\0", 0x1000) = 0 0 | |
| 1458/0x5c1d: close(0x3) = 0 0 | |
| 1458/0x5c1d: getrlimit(0x1008, 0x7FFF5D3A8CD8, 0x1000) = 0 0 | |
| 1458/0x5c1d: close_nocancel(0x1) = 0 0 | |
| 1436/0x5b3d: wait4(0xFFFFFFFF, 0x7FFF56F5E824, 0x12) = 1458 0 | |
| 1436/0x5b3d: sigaltstack(0x0, 0x7FFF56F5ECA0, 0x7FFF56F5ECB0) = 0 0 | |
| 1436/0x5b3d: write_nocancel(0x2, "bash-3.2$ \0", 0xA) = 10 0 | |
| 1436/0x5b3d: sigaltstack(0x0, 0x7FFF56F5DC80, 0x7FFF56F5DC90) = 0 0 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod | |
| tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At | |
| vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, | |
| no sea takimata sanctus est Lorem ipsum dolor sit amet. |
@rhardih I am trying this on apple m1 Mac, and in my case the logs never stop printing and don't seem to be printing contents from just the bash/zsh process. Even when a command of interest run in the shell who's pid is being tracked is killed, the log keeps on going on... I am very perplexed what is going on. I found your posting my own question here: https://unix.stackexchange.com/q/673293/456507
Also, there is a typo in your description "On line 35, the last event from the child process closes stdin, with a call to close_nocancel."
1458/0x5c1d: close_nocancel(0x1) = 0 0
I think it should be stdout instead of stdin in that statement.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note to self; do not delete. Linked in https://rhardih.io/2017/11/behind-the-scenes-of-shell-io-redirection/