thr3ads.net - dtrace discuss - [dtrace-discuss] How to stop (halt) a process shortly before it exits [Sep 2008]

If this information is useful, please help other people find it:
Share via:

Bernd Finger

2008-Sep-15 13:35 UTC

[dtrace-discuss] How to stop (halt) a process shortly before it exits

Hi all,

I''d like to know if it''s possible to stop a process (using the
stop()
destructive action, for example) shortly before it exits? If I do 
something like:

proc:::exit
/uid == 4/
{
    stop();
}

it''s apparently already too late. The Dynamic Tracing guide mentions 
that stop() will force the process to stop when it next leaves the 
kernel, so maybe it''s not possible to stop the process at this point in
time (e.g. because it will no longer be running after it next leaves the 
kernel). Is there any other probe that will fire in time so that the 
process can be stopped before it exits?

Thanks for any hints!

Regards,

Bernd

Michael Schuster

2008-Sep-15 14:28 UTC

head link

[dtrace-discuss] How to stop (halt) a process shortly before it exits

Bernd Finger wrote:> Hi all,
> 
> I''d like to know if it''s possible to stop a process
(using the stop()
> destructive action, for example) shortly before it exits? If I do 
> something like:
> 
> proc:::exit
> /uid == 4/
> {
>     stop();
> }
> 
> it''s apparently already too late. The Dynamic Tracing guide
mentions
> that stop() will force the process to stop when it next leaves the 
> kernel, so maybe it''s not possible to stop the process at this
point in
> time (e.g. because it will no longer be running after it next leaves the 
> kernel). Is there any other probe that will fire in time so that the 
> process can be stopped before it exits?
have you tried libc''s exit() entry point, thus:

pid4:lic:exit:entry

(syntax from memory, please verify).

HTH
Michael
-- 
Michael Schuster        http://blogs.sun.com/recursion
Recursion, n.: see ''Recursion''

Adam Leventhal

2008-Sep-15 15:43 UTC

head link

[dtrace-discuss] How to stop (halt) a process shortly before it exits

On Mon, Sep 15, 2008 at 03:35:16PM +0200, Bernd Finger
wrote:> I''d like to know if it''s possible to stop a process
(using the stop()
> destructive action, for example) shortly before it exits? If I do 
> something like:
> 
> proc:::exit
> /uid == 4/
> {
>     stop();
> }
> 
> it''s apparently already too late. The Dynamic Tracing guide
mentions
> that stop() will force the process to stop when it next leaves the 
> kernel, so maybe it''s not possible to stop the process at this
point in
> time (e.g. because it will no longer be running after it next leaves the 
> kernel). Is there any other probe that will fire in time so that the 
> process can be stopped before it exits?
The proc:::exit probe is, indeed, too late, but you can catch it in the
probe for the exit(2) system call (syscall::rexit:entry).

Adam

-- 
Adam Leventhal, Fishworks                     http://blogs.sun.com/ahl

dtrace discuss - Sep 2008 - How to stop (halt) a process shortly before it exits

[dtrace-discuss] How to stop (halt) a process shortly before it exits

[dtrace-discuss] How to stop (halt) a process shortly before it exits

[dtrace-discuss] How to stop (halt) a process shortly before it exits