diff options
author | markj <markj@FreeBSD.org> | 2013-10-16 01:39:26 +0000 |
---|---|---|
committer | markj <markj@FreeBSD.org> | 2013-10-16 01:39:26 +0000 |
commit | 3ecc6f129801776dd571d69cf9a262a97ad23968 (patch) | |
tree | bfa7528429d54368e90dad91f35cf9e0231549da /cddl/lib | |
parent | 2d5c7e881ca033fc347da3e75f1c18da7564b82e (diff) | |
download | FreeBSD-src-3ecc6f129801776dd571d69cf9a262a97ad23968.zip FreeBSD-src-3ecc6f129801776dd571d69cf9a262a97ad23968.tar.gz |
Add a function, memstr, which can be used to convert a buffer of
null-separated strings to a single string. This can be used to print the
full arguments of a process using execsnoop (from the DTrace toolkit) or
with the following one-liner:
dtrace -n 'syscall::execve:return {trace(curpsinfo->pr_psargs);}'
Note that this relies on the process arguments being cached via the struct
proc, which means that it will not work for argvs longer than
kern.ps_arg_cache_limit. However, the following rather non-portable
script can be used to extract any argv at exec time:
fbt::kern_execve:entry
{
printf("%s", memstr(args[1]->begin_argv, ' ',
args[1]->begin_envv - args[1]->begin_argv));
}
The debug.dtrace.memstr_max sysctl limits the maximum argument size to
memstr(). Thanks to Brendan Gregg for helpful comments on freebsd-dtrace.
Tested by: Fabian Keil (earlier version)
MFC after: 2 weeks
Diffstat (limited to 'cddl/lib')
-rw-r--r-- | cddl/lib/libdtrace/psinfo.d | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/cddl/lib/libdtrace/psinfo.d b/cddl/lib/libdtrace/psinfo.d index 068e72e..c2219f7 100644 --- a/cddl/lib/libdtrace/psinfo.d +++ b/cddl/lib/libdtrace/psinfo.d @@ -57,7 +57,8 @@ translator psinfo_t < struct proc *T > { pr_gid = T->p_ucred->cr_rgid; pr_egid = T->p_ucred->cr_groups[0]; pr_addr = 0; - pr_psargs = stringof(T->p_args->ar_args); + pr_psargs = (T->p_args->ar_args == 0) ? "" : + memstr(T->p_args->ar_args, ' ', T->p_args->ar_length); pr_arglen = T->p_args->ar_length; pr_jailid = T->p_ucred->cr_prison->pr_id; }; |