1 Star2 Stars3 Stars4 Stars5 Stars (还没有评分)
Loading...

DTrace tricks and tips (5) – 查看进程的probe

以下面程序为例,介绍如何查看进程的probe:

#include <stdio.h>

void func(void)
{
    printf("hello\n");
}

int main(void)
{
    while (1)
    {
        func();
        sleep(10);
    }
    return 0;
}

假设生成程序的可执行文件名叫a。
(1)启动程序,并列出所有的probe:

bash-3.2# dtrace -ln 'pid$target:a::' -c ./a
   ID   PROVIDER            MODULE                          FUNCTION NAME
53971    pid9546                 a                            _start entry
53972    pid9546                 a                            _start 0
53973    pid9546                 a                            _start 2
53974    pid9546                 a                            _start 4
53975    pid9546                 a                            _start 6
53976    pid9546                 a                            _start b
.....

可以看到,列出了包括汇编指令偏移的所有probe。大多数时候,我们只关心entry和return probe就好了,所以下面的例子都以entry probe举例子:

bash-3.2# dtrace -ln 'pid$target:a::entry' -c ./a
   ID   PROVIDER            MODULE                          FUNCTION NAME
53971   pid12167                 a                            _start entry
53972   pid12167                 a                             __fsr entry
53973   pid12167                 a                           _mcount entry
53974   pid12167                 a                              func entry
53975   pid12167                 a                              main entry

可以看到只列出了entry probe。
(2)让进程运行一段时间,通过进程ID,得到entry probe:

bash-3.2# dtrace -ln 'pid$target:a::entry' -p 12266
   ID   PROVIDER            MODULE                          FUNCTION NAME
53971   pid12266                 a                            _start entry
53972   pid12266                 a                             __fsr entry
53973   pid12266                 a                           _mcount entry
53974   pid12266                 a                              func entry
53975   pid12266                 a                              main entry

(3)查看进程的某个动态链接库的probe:

bash-3.2# dtrace -ln 'pid$target:libc::entry' -p 12266
   ID   PROVIDER            MODULE                          FUNCTION NAME
53976   pid12266         libc.so.1                          __cerror entry
53977   pid12266         libc.so.1                        __cerror64 entry
53978   pid12266         libc.so.1                          __rtboot entry
53979   pid12266         libc.so.1                             _stat entry
53980   pid12266         libc.so.1                            _lstat entry
......

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.