On Wed, Oct 01, 2008 at 01:00:52PM -0700, Adam Leventhal wrote: > On Wed, Oct 01, 2008 at 12:02:04PM -0700, Paul Macknee wrote: > > The alternative I see, is to need to know the usage about each syscall (all > > hundreds of them) and write hundreds of separate probes that know how the > > arguments are to be parsed. As it is, if I even try to do intelligent > > preprocessing: > > That would already be necessary: there's no type information for system calls > and no typed arguments. For a DTrace-based truss you'd need to replicate the > gigantic tables in the truss source code.
Usually there's a kernel function that gets all the copied-in arguments of a syscall (e.g., copen(), in the case of open(), open64(), openat()...), so judicious use of the FBT provider can get you what you want. But that's not stable. It'd be nice if for every syscall there was a stable function that got the copied-in args. Nico -- _______________________________________________ dtrace-discuss mailing list [email protected]
