https://github.com/lieff/mac_exectrace

https://github.com/lieff/mac_exectrace

Last synced: 9 days ago
JSON representation

• Host: GitHub
• URL: https://github.com/lieff/mac_exectrace
• Owner: lieff
• License: cc0-1.0
• Created: 2016-03-10T13:28:34.000Z (almost 10 years ago)
• Default Branch: master
• Last Pushed: 2016-03-10T13:46:22.000Z (almost 10 years ago)
• Last Synced: 2025-07-05T03:12:45.917Z (7 months ago)
• Language: DTrace
• Size: 2.93 KB
• Stars: 1
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
Exec Trace

==========

On linux we can trace exec() syscalls using strace. But there no strace for MacOS.

So we must use dtrace and some hacks....

Note: This methood not perfectly correct. Because of kennel limitation we must read parameters from application stack, but when system process dtrace buffer, stack may be already changed. Also dtrace buffers can be dropped.