2.2.1 Example: Recording open() System Calls on a System (syscalls.d)

/* syscalls.d -- Record open() system calls on a system */

syscall::open:entry
{
  printf("%-16s %-16s\n",execname,copyinstr(arg0));
}

In this example, the printf() function is used to display the name of the executable that is calling open() and the path name of the file that it is attempting to open.

Note

Use the copyinstr() function to convert the first argument (arg0) in the open() call to a string. Whenever a probe accesses a pointer to data in the address space of a user process, you must use one of the copyin(), copyinstr(), or copyinto() functions to copy the data from user space to a DTrace buffer in kernel space. In this example, it is appropriate to use copyinstr(), as the pointer refers to a character array. If the string is not null-terminated, you also need to specify the length of the string to copyinstr(), for example, copyinstr(arg1, arg2), for a system call such as write(). See User Process Tracing in the Oracle® Linux: DTrace Guide.

The sdt kernel module, which enables the proc provider probes, is most likely already loaded on the test system. If it is not, the sdt kernel module loads automatically, provided that you have not manually loaded a DTrace module since booting the system. See Section 1.4.2, “Manually Loading DTrace Modules” for details.

For the following example to work, the sdt kernel module must either be loaded manually or be able to load automatically:

# dtrace -q -s syscalls.d
udisks-daemon    /dev/sr0               
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/present
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/energy_now
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/voltage_max_design
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/voltage_min_design
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/status
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/current_now
devkit-power-da  /sys/devices/LNXSYSTM:00/.../PNP0C0A:00/power_supply/BAT0/voltage_now     
VBoxService      /var/run/utmp         
firefox          /home/guest/.mozilla/firefox/qeaojiol.default/sessionstore.js
firefox          /home/guest/.mozilla/firefox/qeaojiol.default/sessionstore-1.js
firefox          /home/guest/.mozilla/firefox/qeaojiol.default/sessionstore-1.js    
^C
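
The following script is an added example, not part of the original tutorial. It extends syscalls.d to record the result of each call and to count failed opens per executable, which is the form usually wanted when auditing file access. The script name openaudit.d and the coverage of openat() (which the page does not trace) are assumptions of this example.

```dtrace
/* openaudit.d -- added example: record open()/openat() results and count failures */

#pragma D option quiet

dtrace:::BEGIN
{
  printf("%-16s %-6s %-5s %-5s %s\n", "EXECNAME", "PID", "RET", "ERRNO", "PATH");
}

/* open(path, flags, mode): the user-space path pointer is arg0 */
syscall::open:entry
{
  self->pathp = arg0;
}

/* openat(dirfd, path, flags, mode): the user-space path pointer is arg1 */
syscall::openat:entry
{
  self->pathp = arg1;
}

/*
 * On return, arg1 holds the system call's return value and the built-in
 * errno variable is non-zero if the call failed. The saved pointer still
 * refers to user space, so it must be copied in with copyinstr().
 */
syscall::open:return,
syscall::openat:return
/self->pathp/
{
  printf("%-16s %-6d %-5d %-5d %s\n",
      execname, pid, (int)arg1, errno, copyinstr(self->pathp));
}

/* Count failed opens by executable and errno; printed when tracing stops */
syscall::open:return,
syscall::openat:return
/self->pathp && errno != 0/
{
  @failed[execname, errno] = count();
}

/* Release the thread-local variable once both clauses above have run */
syscall::open:return,
syscall::openat:return
{
  self->pathp = 0;
}
```

Run it in the same way as syscalls.d; pressing Ctrl-C stops tracing and prints the per-executable failure counts.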