|
PID/THRD SYSCALL(args) = return |
|
1436/0x5b3d: write_nocancel(0x2, "\n\0", 0x1) = 1 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x108D3311C, 0x108D33120) = 0x0 0 |
|
1436/0x5b3d: ioctl(0x0, 0x80487414, 0x108D33038) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x108D33120, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0xF, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0x3, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0xE, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0x12, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0x16, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0x15, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0x1C, 0x7FFF56F5DC78, 0x7FFF56F5DCA8) = 0 0 |
|
1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC98, 0x7FFF56F5DCC0) = 0 0 |
|
1436/0x5b3d: stat64(".\0", 0x7FFF56F5E790, 0x7FFF56F5DCC0) = 0 0 |
|
1436/0x5b3d: stat64("/usr/gnu/bin/cat\0", 0x7FFF56F5E6A0, 0x7FFF56F5DCC0) = -1 Err#2 |
|
1436/0x5b3d: stat64("/usr/local/bin/cat\0", 0x7FFF56F5E6A0, 0x7FFF56F5DCC0) = -1 Err#2 |
|
1436/0x5b3d: stat64("/bin/cat\0", 0x7FFF56F5E6A0, 0x7FFF56F5DCC0) = 0 0 |
|
1436/0x5b3d: stat64("/bin/cat\0", 0x7FFF56F5E6E0, 0x7FFF56F5DCC0) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E864, 0x7FFF56F5E860) = 0x0 0 |
|
dtrace: error on enabled probe ID 2018 (ID 260: syscall::execve:return): invalid address (0x7fb1f340e340) in action #12 at DIF offset 24 |
|
1436/0x5b3d: fork() = 1458 0 |
|
1436/0x5b3d: setpgid(0x5B2, 0x5B2, 0x7FFF56F5E860) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E860, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E85C, 0x7FFF56F5E858) = 0x0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E82C, 0x7FFF56F5E828) = 0x0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5E77C) = 0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x80047476, 0x7FFF56F5E7FC) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E828, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E858, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E864, 0x7FFF56F5E860) = 0x0 0 |
|
1458/0x5c1d: fork() = 0 0 |
|
1458/0x5c1d: thread_selfid(0x0, 0x0, 0x0) = 23581 0 |
|
1458/0x5c1d: bsdthread_register(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = -1 Err#22 |
|
1458/0x5c1d: getpid(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = 1458 0 |
|
1458/0x5c1d: sigprocmask(0x3, 0x108D30EF8, 0x0) = 0x0 0 |
|
1458/0x5c1d: sigaction(0x12, 0x7FFF56F5E7F8, 0x7FFF56F5E820) = 0 0 |
|
1458/0x5c1d: sigaction(0x15, 0x7FFF56F5E7F8, 0x7FFF56F5E820) = 0 0 |
|
1458/0x5c1d: sigaction(0x16, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 |
|
1458/0x5c1d: setpgid(0x5B2, 0x5B2, 0x7FFF56F5E830) = 0 0 |
|
1458/0x5c1d: sigprocmask(0x1, 0x7FFF56F5E83C, 0x7FFF56F5E838) = 0x0 0 |
|
1458/0x5c1d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5E78C) = 0 0 |
|
1458/0x5c1d: ioctl(0xFF, 0x80047476, 0x7FFF56F5E80C) = 0 0 |
|
1458/0x5c1d: sigprocmask(0x3, 0x7FFF56F5E838, 0x0) = 0x0 0 |
|
1458/0x5c1d: sigaction(0x2, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 |
|
1458/0x5c1d: sigaction(0x3, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 |
|
1458/0x5c1d: sigaction(0xF, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 |
|
1458/0x5c1d: sigaction(0x14, 0x7FFF56F5E808, 0x7FFF56F5E830) = 0 0 |
|
1458/0x5c1d: open("bar.txt\0", 0x601, 0x1B6) = 3 0 |
|
1458/0x5c1d: dup2(0x3, 0x1, 0x1B6) = 1 0 |
|
1458/0x5c1d: close(0x3) = 0 0 |
|
1458/0x5c1d: thread_selfid(0x7FB1F340E340, 0x7FB1F340E450, 0x7FB1F3502140) = 23581 0 |
|
1458/0x5c1d: csops(0x0, 0x0, 0x7FFF5D3A7DC0) = 0 0 |
|
1458/0x5c1d: csrctl(0x0, 0x7FFF5D3A7CFC, 0x4) = -1 Err#1 |
|
1458/0x5c1d: shared_region_check_np(0x7FFF5D3A5CC8, 0x7FFF5D3A7CFC, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/libSystem.B.dylib\0", 0x7FFF5D3A7088, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libcache.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libcommonCrypto.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libcompiler_rt.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libcopyfile.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libcorecrypto.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libdispatch.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libdyld.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libkeymgr.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/liblaunch.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libmacho.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libquarantine.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libremovefile.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_asl.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_blocks.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_c.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_configuration.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_coreservices.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_coretls.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_dnssd.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_info.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_kernel.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_m.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_malloc.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_network.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_networkextension.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_notify.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_platform.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_pthread.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_sandbox.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_secinit.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libsystem_trace.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libunc.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libunwind.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/system/libxpc.dylib\0", 0x7FFF5D3A6C98, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/libobjc.A.dylib\0", 0x7FFF5D3A5F78, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/libauto.dylib\0", 0x7FFF5D3A5F78, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/libc++abi.dylib\0", 0x7FFF5D3A5E58, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/libc++.1.dylib\0", 0x7FFF5D3A5E58, 0x4) = 0 0 |
|
1458/0x5c1d: stat64("/usr/lib/libDiagnosticMessagesClient.dylib\0", 0x7FFF5D3A5D48, 0x4) = 0 0 |
|
1458/0x5c1d: open("/dev/dtracehelper\0", 0x2, 0x7FFF5D3A7C80) = 3 0 |
|
1458/0x5c1d: ioctl(0x3, 0x80086804, 0x7FFF5D3A7C08) = 0 0 |
|
1458/0x5c1d: close(0x3) = 0 0 |
|
1458/0x5c1d: sysctl(0x7FFF5D3A73D0, 0x2, 0x7FFF5D3A73E0) = 0 0 |
|
1458/0x5c1d: thread_selfid(0x7FFF5D3A73D0, 0x2, 0x7FFF5D3A73E0) = 23581 0 |
|
1458/0x5c1d: bsdthread_register(0x7FFF9BA29344, 0x7FFF9BA29334, 0x2000) = 1073741887 0 |
|
1458/0x5c1d: mprotect(0x10285E000, 0x88, 0x1) = 0 0 |
|
1458/0x5c1d: mprotect(0x102860000, 0x1000, 0x0) = 0 0 |
|
1458/0x5c1d: mprotect(0x102876000, 0x1000, 0x0) = 0 0 |
|
1458/0x5c1d: mprotect(0x102877000, 0x1000, 0x0) = 0 0 |
|
1458/0x5c1d: mprotect(0x10288D000, 0x1000, 0x0) = 0 0 |
|
1458/0x5c1d: mprotect(0x10288E000, 0x1000, 0x1) = 0 0 |
|
1458/0x5c1d: mprotect(0x10285E000, 0x88, 0x3) = 0 0 |
|
1458/0x5c1d: mprotect(0x10285E000, 0x88, 0x1) = 0 0 |
|
1458/0x5c1d: issetugid(0x10285E000, 0x88, 0x1) = 0 0 |
|
1458/0x5c1d: getpid(0x10285E000, 0x88, 0x1) = 1458 0 |
|
1458/0x5c1d: stat64("/AppleInternal/XBS/.isChrooted\0", 0x7FFF5D3A7338, 0x1) = -1 Err#2 |
|
1458/0x5c1d: stat64("/AppleInternal\0", 0x7FFF5D3A72A8, 0x1) = -1 Err#2 |
|
1458/0x5c1d: csops(0x5B2, 0x7, 0x7FFF5D3A6DC0) = 0 0 |
|
1458/0x5c1d: sysctl(0x7FFF5D3A7180, 0x4, 0x7FFF5D3A6EF8) = 0 0 |
|
1458/0x5c1d: csops(0x5B2, 0x7, 0x7FFF5D3A66B0) = 0 0 |
|
1458/0x5c1d: proc_info(0x2, 0x5B2, 0x11) = 56 0 |
|
1458/0x5c1d: open("foo.txt\0", 0x0, 0x102858F51) = 3 0 |
|
1458/0x5c1d: fstat64(0x1, 0x7FFF5D3A8DC0, 0x102858F51) = 0 0 |
|
1458/0x5c1d: read(0x3, "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod\ntempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At\nvero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,\nno sea takimata ", 0x1000) = 296 0 |
|
1458/0x5c1d: write(0x1, "Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod\ntempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At\nvero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren,\nno sea takimata ", 0x128) = 296 0 |
|
1458/0x5c1d: read(0x3, "\0", 0x1000) = 0 0 |
|
1458/0x5c1d: close(0x3) = 0 0 |
|
1458/0x5c1d: getrlimit(0x1008, 0x7FFF5D3A8CD8, 0x1000) = 0 0 |
|
1458/0x5c1d: close_nocancel(0x1) = 0 0 |
|
1436/0x5b3d: wait4(0xFFFFFFFF, 0x7FFF56F5E824, 0x12) = 1458 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5E83C, 0x7FFF56F5E838) = 0x0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5E78C) = 0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x80047476, 0x7FFF56F5E80C) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E838, 0x0) = 0x0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x40487413, 0x108D31FA0) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5E860, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x0, 0x7FFF56F5ECB0) = 0x0 0 |
|
1436/0x5b3d: sigaltstack(0x0, 0x7FFF56F5ECA0, 0x7FFF56F5ECB0) = 0 0 |
|
1436/0x5b3d: sigaction(0x2, 0x7FFF56F5EC78, 0x7FFF56F5ECA0) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x7FFF56F5DCCC, 0x7FFF56F5DCC8) = 0x0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x4004667A, 0x7FFF56F5DC1C) = 0 0 |
|
1436/0x5b3d: ioctl(0xFF, 0x80047476, 0x7FFF56F5DC9C) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x7FFF56F5DCC8, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC98, 0x7FFF56F5DCC0) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x108D3311C, 0x108D33120) = 0x0 0 |
|
1436/0x5b3d: ioctl(0x0, 0x40087468, 0x7FFF56F5DBD8) = 0 0 |
|
1436/0x5b3d: ioctl(0x0, 0x80087467, 0x7FFF56F5DBD8) = 0 0 |
|
1436/0x5b3d: ioctl(0x0, 0x40487413, 0x7FFF56F5DC48) = 0 0 |
|
1436/0x5b3d: ioctl(0x0, 0x80487414, 0x7FFF56F5DC48) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x108D33120, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x108D3315C, 0x108D33160) = 0x0 0 |
|
1436/0x5b3d: sigaction(0x2, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: sigaction(0xF, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: sigaction(0xF, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 |
|
1436/0x5b3d: sigaction(0x3, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: sigaction(0x3, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 |
|
1436/0x5b3d: sigaction(0xE, 0x7FFF56F5DC38, 0x7FFF56F5DC70) = 0 0 |
|
1436/0x5b3d: sigaction(0x12, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: sigaction(0x12, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 |
|
1436/0x5b3d: sigaction(0x16, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: sigaction(0x16, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 |
|
1436/0x5b3d: sigaction(0x15, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: sigaction(0x15, 0x7FFF56F5DC48, 0x7FFF56F5DC70) = 0 0 |
|
1436/0x5b3d: sigprocmask(0x3, 0x108D33160, 0x0) = 0x0 0 |
|
1436/0x5b3d: sigaction(0x1C, 0x7FFF56F5DC08, 0x7FFF56F5DC40) = 0 0 |
|
1436/0x5b3d: write_nocancel(0x2, "bash-3.2$ \0", 0xA) = 10 0 |
|
1436/0x5b3d: sigprocmask(0x1, 0x0, 0x7FFF56F5DC90) = 0x0 0 |
|
1436/0x5b3d: sigaltstack(0x0, 0x7FFF56F5DC80, 0x7FFF56F5DC90) = 0 0 |
|
|
|
|
/dtruss.log
Secret
Last active
This comment has been minimized.
rhardih commentedNov 28, 2017
Note to self; do not delete. Linked in https://rhardih.io/2017/11/behind-the-scenes-of-shell-io-redirection/