Date: Mon, 17 May 2010 12:28:49 -0700 (PDT) From: Fernando Gleiser <fergleiser@yahoo.com> To: Dan McNulty <dkmcnulty@gmail.com>, freebsd-hackers@freebsd.org Subject: Re: Efficient way to determine when a child process forks or calls exec Message-ID: <167913.27782.qm@web31706.mail.mud.yahoo.com> In-Reply-To: <AANLkTinO0hqywG7sCWJYXTsayOtad2qnP1SPDn6NzCYm@mail.gmail.com> References: <AANLkTinO0hqywG7sCWJYXTsayOtad2qnP1SPDn6NzCYm@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message ----
> From: Dan McNulty <dkmcnulty@gmail.com>
> To: freebsd-hackers@freebsd.org
> Sent: Mon, May 17, 2010 11:33:31 AM
> Subject: Efficient way to determine when a child process forks or calls exec
>
> Hi all,
>I have been experimenting with ptrace to determine when a
> child process forks or calls exec. Particularly, I have explored
> tracing every system call entry and exit similar to what the truss
> utility does, and for my case, the performance impact of tracing every
> system call is too great.
> Is there a more efficient way than tracing
> every system call entry and exit to determine when a child process forks,
> calls exec, or creates a new LWP?
You can do that very easily with DTrace's syscall provider
#!/usr/sbin/dtrace -s
syscall::fork:entry
{
self->traceme=1;
}
syscall::exec*:entry
/self->traceme/
{
printf("pid %d has called %s\n", pid, probefunc);
self->traceme=0;
}
Hope that helps
}
Thanks a lot for your
> help!
-Dan
_______________________________________________
> ymailto="mailto:freebsd-hackers@freebsd.org"
> href="mailto:freebsd-hackers@freebsd.org">freebsd-hackers@freebsd.org
> mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To
> unsubscribe, send any mail to "
> ymailto="mailto:freebsd-hackers-unsubscribe@freebsd.org"
> href="mailto:freebsd-hackers-unsubscribe@freebsd.org">freebsd-hackers-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?167913.27782.qm>