File: proc_snoop.stp

package info (click to toggle)
systemtap 4.0-1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 36,436 kB
  • sloc: cpp: 72,388; ansic: 58,430; xml: 47,797; exp: 40,417; sh: 10,793; python: 2,759; perl: 2,252; tcl: 1,305; makefile: 1,119; lisp: 105; java: 102; awk: 101; asm: 91; sed: 16
file content (55 lines) | stat: -rwxr-xr-x 1,138 bytes parent folder | download | duplicates (10) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
 
#! /usr/bin/env stap

global start_ts

probe begin {
  start_ts = gettimeofday_us()
  printf("%12s  %5s  %5s  %-16s  ACTION\n",
         "TIMESTAMP", "PID", "TID", "EXECNAME")
}

function report(action:string) {
  printf("%12d  %5d  %5d  %-16s  %s\n", gettimeofday_us() - start_ts,
         pid(), tid(), execname(), action)
}

function id:string(task:long) {
  return sprintf("p:%d t:%d n:%s", task_pid(task), task_tid(task),
                 task_execname(task))
}

probe kprocess.create {
  report(sprintf("create %s", id(task)))
}

probe kprocess.start {
  report("start")
}

probe kprocess.exec {
  report(sprintf("exec %s", filename))
}

probe kprocess.exec_complete {
  if (success)
    report("exec success")
  else
    report(sprintf("exec failed %d (%s)", errno, errno_str(errno)))
}

probe kprocess.exit {
  report(sprintf("exit %d", code))
}

probe kprocess.release {
  report(sprintf("remove %s", id(task)))
}

probe signal.send {
  report(sprintf("sigsend %d (%s) to %s%s", sig, sig_name, id(task),
                 shared? " [SHARED]" : ""))
}

probe signal.handle {
  report(sprintf("sighandle %d (%s)", sig, sig_name))
}