DTrace Script

Dtrace Code

Yesterday i wrote some Dtrace code which i am posting here.

 

1). The probe are fired as you type some in the bash shell terminal

 

    #! /usr/sbin/dtrace -s

    syscall::write:entry

    /execname =="bash"/

    {

        printf("bash with pid %d called write system call\n", pid);

    }

2). This script display the detail of the application currently opened

    #!/usr/sbin/dtrace -s

    proc:::exec-success

    {

        printf("%s(pid=%d) started by uid - %d\n", execname, pid,uid);

    }

3).The scrip displace the how many time the process is switched between the thread in the system

    #!/usr/sbin/dtrace -s

    sysinfo:::pswitch

    {

        @[execname] = count();

    }

 

4)    This scrip display the ustack of all the process running in the system.

    #!/usr/sbin/dtrace -s

    syscall::write:entry

    {

        @[ustack()]=count();

    }

    ustack list the all the sub-process associated with the main process the last time in the ustack is the main process for example consider the fallowing ustack

libc.so.1`_write+0x15

libX11.so.4`_X11TransSocketWrite+0x25

libX11.so.4`_X11TransWrite+0x17

libX11.so.4`_XFlushInt+0x7d

libX11.so.4`_XFlush+0x10

libX11.so.4`_XEventsQueued+0x2a

libX11.so.4`XPending+0x42

libgdk-x11-2.0.so.0.1000.12`_gdk_events_queue+0xf8

libgdk-x11-2.0.so.0.1000.12`gdk_event_dispatch+0x2e

libglib-2.0.so.0.1200.12`g_main_dispatch+0x1d9

libglib-2.0.so.0.1200.12`g_main_context_dispatch+0x85

libglib-2.0.so.0.1200.12`g_main_context_iterate+0x3ce

libglib-2.0.so.0.1200.12`g_main_loop_run+0x1b8

libgtk-x11-2.0.so.0.1000.12`gtk_main+0xb2

libwidget_gtk2.so`__1cKnsAppShellDRun6M_I_+0x34

libtoolkitcomps.so`__1cMnsAppStartupDRun6M_I_+0x2b

firefox-bin`XRE_main+0x25f4

firefox-bin`main+0x25

firefox-bin`_start+0x7a

in this stack the firefox-bin is the main process.