mirror of
https://github.com/opnsense/src.git
synced 2026-05-25 02:35:01 -04:00
e572bc11ec
null-separated strings to a single string. This can be used to print the
full arguments of a process using execsnoop (from the DTrace toolkit) or
with the following one-liner:
dtrace -n 'syscall::execve:return {trace(curpsinfo->pr_psargs);}'
Note that this relies on the process arguments being cached via the struct
proc, which means that it will not work for argvs longer than
kern.ps_arg_cache_limit. However, the following rather non-portable
script can be used to extract any argv at exec time:
fbt::kern_execve:entry
{
printf("%s", memstr(args[1]->begin_argv, ' ',
args[1]->begin_envv - args[1]->begin_argv));
}
The debug.dtrace.memstr_max sysctl limits the maximum argument size to
memstr(). Thanks to Brendan Gregg for helpful comments on freebsd-dtrace.
Tested by: Fabian Keil (earlier version)
MFC after: 2 weeks
|
||
|---|---|---|
| .. | ||
| compat/opensolaris | ||
| contrib | ||
| lib | ||
| sbin | ||
| usr.bin | ||
| usr.sbin | ||
| Makefile | ||
| Makefile.inc | ||