Diffstat (limited to 'cddl/contrib/dtracetoolkit/Kernel/whatexec.d')
-rwxr-xr-x | cddl/contrib/dtracetoolkit/Kernel/whatexec.d | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/cddl/contrib/dtracetoolkit/Kernel/whatexec.d b/cddl/contrib/dtracetoolkit/Kernel/whatexec.d
new file mode 100755
index 0000000..e70173b
--- /dev/null
+++ b/cddl/contrib/dtracetoolkit/Kernel/whatexec.d
@@ -0,0 +1,79 @@
+#!/usr/sbin/dtrace -s
+/*
+ * whatexec.d - Examine the type of files exec'd.
+ * Written using DTrace (Solaris 10 3/05)
+ *
+ * This prints the first four chacacters of files that are executed.
+ * This traces the kernel function findexec_by_hdr(), which checks for
+ * a known magic number in the file's header.
+ *
+ * The idea came from a demo I heard about from the UK, where a
+ * "blue screen of death" was displayed for "MZ" files (although I
+ * haven't seen the script or the demo).
+ *
+ * $Id: whatexec.d 3 2007-08-01 10:50:08Z brendan $
+ *
+ * USAGE: whatexec.d (early release, check for updates)
+ *
+ * FIELDS:
+ * PEXEC parent command name
+ * EXEC pathname to file exec'd
+ * OK is type runnable, Y/N
+ * TYPE first four characters from file
+ *
+ * COPYRIGHT: Copyright (c) 2006 Brendan Gregg.
+ *
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at Docs/cddl1.txt
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * CDDL HEADER END
+ *
+ * 11-Feb-2006 Brendan Gregg Created this.
+ * 25-Apr-2006 " " Last update.
+ */
+
+#pragma D option quiet
+
+this char *buf;
+
+dtrace:::BEGIN
+{
+ printf("%-16s %-38s %2s %s\n", "PEXEC", "EXEC", "OK", "TYPE");
+}
+
+fbt::gexec:entry
+{
+ self->file = cleanpath((*(struct vnode **)arg0)->v_path);
+ self->ok = 1;
+}
+
+fbt::findexec_by_hdr:entry
+/self->ok/
+{
+ bcopy(args[0], this->buf = alloca(5), 4);
+ this->buf[4] = '\0';
+ self->hdr = stringof(this->buf);
+}
+
+fbt::findexec_by_hdr:return
+/self->ok/
+{
+ printf("%-16s %-38s %2s %S\n", execname, self->file,
+ arg1 == NULL ? "N" : "Y", self->hdr);
+ self->hdr = 0;
+}
+
+fbt::gexec:return
+{
+ self->file = 0;
+ self->ok = 0;
+} |