4

I am new to dtrace, having previously had the luxury of Linux strace tracking everything I need by default. How to get tracking read and write calls from a running C program to work on dtrace?

I've seen the answer here: dtrace: doesn't catch any write sys call ,however it doesn't help me fully.

I've added a printf statement from https://docs.oracle.com/cd/E18752_01/html/819-5488/gcgkk.html, with the current code:sudo dtrace -n 'syscall::read:entry, syscall::write:entry/pid==10325/{printf("%s",copyinstr(arg1)); }', where pid is the process I want to track.

However, this prints it out as a string, as opposed to in byte form. Is there a way to view the entire contents, including hidden characters like \r and \n? This is the way it is done in strace.

Additionally, write:entry seems to cut off output after roughly 150-200 characters, is there a way to disable or increase that limit?

Cheetaiean
  • 901
  • 1
  • 12
  • 26
  • 3
    You can use `%S` (capital S) and it should print out all non-printable characters such as `\r` or `\n` as escape sequences. It will still stop on the first zero `char` value, though. – Andrew Henle Mar 31 '20 at 19:49
  • Thank you, that should be good enough for most basic tracking needs. write:entry also seems to cut off after printing roughly 200-300 characters for some reason. – Cheetaiean Mar 31 '20 at 20:29
  • @AndrewHenle want to post that as an answer? – dimo414 May 26 '20 at 00:30

0 Answers0