Efficient way to determine when a child process forks or calls
exec
Fernando Gleiser
fergleiser at yahoo.com
Mon May 17 19:28:49 UTC 2010
----- Original Message ----
> From: Dan McNulty <dkmcnulty at gmail.com>
> To: freebsd-hackers at freebsd.org
> Sent: Mon, May 17, 2010 11:33:31 AM
> Subject: Efficient way to determine when a child process forks or calls exec
>
> Hi all,
>I have been experimenting with ptrace to determine when a
> child process forks or calls exec. Particularly, I have explored
> tracing every system call entry and exit similar to what the truss
> utility does, and for my case, the performance impact of tracing every
> system call is too great.
> Is there a more efficient way than tracing
> every system call entry and exit to determine when a child process forks,
> calls exec, or creates a new LWP?
You can do that very easily with DTrace's syscall provider
#!/usr/sbin/dtrace -s
syscall::fork:entry
{
self->traceme=1;
}
syscall::exec*:entry
/self->traceme/
{
printf("pid %d has called %s\n", pid, probefunc);
self->traceme=0;
}
Hope that helps
}
Thanks a lot for your
> help!
-Dan
_______________________________________________
> ymailto="mailto:freebsd-hackers at freebsd.org"
> href="mailto:freebsd-hackers at freebsd.org">freebsd-hackers at freebsd.org
> mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To
> unsubscribe, send any mail to "
> ymailto="mailto:freebsd-hackers-unsubscribe at freebsd.org"
> href="mailto:freebsd-hackers-unsubscribe at freebsd.org">freebsd-hackers-unsubscribe at freebsd.org"
More information about the freebsd-hackers
mailing list