G''Day Folks,
I''d feel bad if I didn''t mention this, although it is a very
tiny problem
that has an easy workaround. (and it''s the first time I''ve
seen it in
about a thousand scripts). So unless you really care a lot about
cleanpath() and bcopy(), then you don''t want to read the following. :-)
...
I was updating the whatexec.d script (attached), and noticed the
following,
# whatexec.d
PEXEC EXEC OK TYPE
bash /usr/bin/clear Y #!/u/bin/clear\0
bash /sbin/sh Y \177ELFn/sh\0
clear /usr/bin/tput Y \177ELF/bin/tput\0
bash /export/home/brendan/DOOM.EXE N MZ\644\0
It looks like there is junk at the end of the TYPE column. This junk can
be removed by adding the following line to the script,
printf("%s", "");
which makes this script do this instead,
# whatexec.d
PEXEC EXEC OK TYPE
bash /usr/bin/clear Y #!/u\0
bash /sbin/sh Y \177ELF\0
clear /usr/bin/tput Y \177ELF\0
bash /export/home/brendan/DOOM.EXE N MZ\644\0
and now is the expected, correct output. That TYPE column prints the first
four chacacters of files that are exec()d, as checked by
findexec_by_hdr().
If I change the first cleanpath() to just a stringof(), then I don''t
need
that workaround printf(). Hmm.
I don''t actually know the reason behind this, and the (unusual)
workaround
doesn''t help much. Perhaps my script just does something foolish.
I don''t expect a fix, and there is a workaround; just thought
I''d better
mention it!
cheers,
Brendan
[Sydney, Australia]
-------------- next part --------------
#!/usr/sbin/dtrace -s
/*
* whatexec.d - Examine the type of files exec''d.
* Written using DTrace (Solaris 10 3/05)
*
* This prints the first four chacacters of files that are executed.
* This traces the kernel function findexec_by_hdr(), which checks for
* a known magic number in the file''s header.
*
* The idea came from a demo I heard about from the UK, where a
* "blue screen of death" was displayed for "MZ" files
(although I
* haven''t seen the script or the demo).
*
* 22-Apr-2006, ver 0.70
*
* USAGE: whatexec.d (early release, check for updates)
*
* FIELDS:
* PEXEC parent command name
* EXEC pathname to file exec''d
* OK is type runnable, Y/N
* TYPE first four characters from file
*
* COPYRIGHT: Copyright (c) 2006 Brendan Gregg.
*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at Docs/cddl1.txt
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* CDDL HEADER END
*
* 14-Feb-2006 Brendan Gregg Created this.
*/
#pragma D option quiet
dtrace:::BEGIN
{
printf("%-16s %-38s %2s %s\n", "PEXEC", "EXEC",
"OK", "TYPE");
}
fbt::gexec:entry
{
self->file = cleanpath((*args[0])->v_path); /* try stringof */
self->ok = 1;
}
fbt::findexec_by_hdr:entry
/self->ok/
{
bcopy(args[0], this->buf = alloca(4), 4);
self->hdr = stringof(this->buf);
/* printf("%s", ""); */ /* the workaround when using
cleanpath */
}
fbt::findexec_by_hdr:return
/self->ok/
{
printf("%-16s %-38s %2s %S\n", execname, self->file,
arg1 == NULL ? "N" : "Y", self->hdr);
self->hdr = 0;
}
fbt::gexec:return
{
self->file = 0;
self->ok = 0;
}