I'm struggling to traverse the structures to get the the child pid
when returning from waitsys. I got so far (below), but it's not
returning the correct pid. Somewhere my pointers are going astray,
can someone guide me on the right path?
thanks - mo
#!/usr/sbin/dtrace -s
syscall::waitsys:entry
/execname == $$1/
{
self->infop = arg2;
}
syscall::waitsys:return
/self->infop != NULL/
{
self->pt = (siginfo_t *)copyin(self->infop, sizeof(siginfo_t));
printf("pid returned: %d", self->pt->__data.__proc.__pid);
self->pt = NULL; self->infop = NULL;
}
_______________________________________________
dtrace-discuss mailing list
[email protected]
