author | markj <markj@FreeBSD.org> | 2014-08-04 15:36:22 +0000 |
---|---|---|
committer | markj <markj@FreeBSD.org> | 2014-08-04 15:36:22 +0000 |
commit | 2fd28e23736da641dbe3990391f997fb55353b17 (patch) | |
tree | eb6788ffbddddf0e243de1acbb43ecdc0a774121 /cddl/lib | |
parent | bde3467611213433dffde86fe37fa1ba8c021b09 (diff) | |

MFC r256571:

Add a function, memstr, which can be used to convert a buffer of
null-separated strings to a single string. This can be used to print the
full arguments of a process using execsnoop (from the DTrace toolkit) or
with the following one-liner:

    dtrace -n 'syscall::execve:return {trace(curpsinfo->pr_psargs);}'

Note that this relies on the process arguments being cached via the struct
proc, which means that it will not work for argvs longer than
kern.ps_arg_cache_limit. However, the following rather non-portable
script can be used to extract any argv at exec time:

    fbt::kern_execve:entry
    {
        printf("%s", memstr(args[1]->begin_argv, ' ',
            args[1]->begin_envv - args[1]->begin_argv));
    }

The debug.dtrace.memstr_max sysctl limits the maximum argument size to
memstr().

Diffstat (limited to 'cddl/lib')
-rw-r--r-- | cddl/lib/libdtrace/psinfo.d | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cddl/lib/libdtrace/psinfo.d b/cddl/lib/libdtrace/psinfo.d index 068e72e..c2219f7 100644 --- a/cddl/lib/libdtrace/psinfo.d +++ b/cddl/lib/libdtrace/psinfo.d @@ -57,7 +57,8 @@ translator psinfo_t < struct proc *T > { pr_gid = T->p_ucred->cr_rgid; pr_egid = T->p_ucred->cr_groups[0]; pr_addr = 0; - pr_psargs = stringof(T->p_args->ar_args); + pr_psargs = (T->p_args->ar_args == 0) ? "" : + memstr(T->p_args->ar_args, ' ', T->p_args->ar_length); pr_arglen = T->p_args->ar_length; pr_jailid = T->p_ucred->cr_prison->pr_id; }; |
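
Review bot: In the new `pr_psargs` assignment the null test is on `T->p_args->ar_args`, which already dereferences `T->p_args`, and the unchanged `pr_arglen = T->p_args->ar_length;` line right after it dereferences the same pointer with no guard at all. If `p_args` can be null for a process whose arguments are not cached, the translator faults before the `""` fallback is ever reached. Consider testing the pointer itself, for example `(T->p_args == 0) ? "" : memstr(...)`, and giving `pr_arglen` the same guard with 0 as the fallback. A short comment in psinfo.d noting that the length passed to `memstr` is subject to debug.dtrace.memstr_max, as the commit message states, would also help readers who see truncated or missing `pr_psargs` values.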