May 15, 2008

What goes on inside the kernel when you issue a system call

Ever wondered what happens inside the kernel when you issue a system call such as read or write? DTrace is the answer! This simple DTrace script traces every function entry and return inside the kernel while the system call runs.

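#!/usr/sbin/dtrace -Fs
#pragma D option flowindent

/* Start following this thread when PID 5142 enters read(). */
syscall::read:entry /pid == 5142/ { self->follow = 1; }
/* While following, print every probe named entry or return. */
:::entry,return /self->follow/ { }
/* Stop following once read() returns. */
syscall::read:return /pid == 5142/ { self->follow = 0; }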



Replace "read" with whatever system call you want to trace, and PID 5142 with the process ID you are interested in. Alternatively, you can match on the process name with the predicate / execname == "process name" /.
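The flow-indented trace can be very long for a busy process. The script below is an added example, not part of the original post: it uses the same follow-flag pattern with the execname predicate, but summarises the kernel functions executed inside read() instead of printing each one. The process name "myapp" is a placeholder, and the script assumes enough privilege to use the fbt provider.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example (not from the original post): count the kernel
 * functions executed inside read(2) and record how long each call took.
 * "myapp" is a placeholder process name; substitute your own.
 */

syscall::read:entry
/execname == "myapp"/
{
	self->follow = 1;
	self->start = timestamp;
}

/* Count each kernel function entered while this thread is inside read(). */
fbt:::entry
/self->follow/
{
	@calls[probemod, probefunc] = count();
}

syscall::read:return
/self->follow/
{
	@latency["read latency (ns)"] = quantize(timestamp - self->start);
	/* Assigning 0 releases the thread-local variables. */
	self->follow = 0;
	self->start = 0;
}

/* On Ctrl-C, report only the 20 most frequently called functions. */
dtrace:::END
{
	trunc(@calls, 20);
	printa("%-16s %-32s %@d\n", @calls);
	printa(@latency);
}
```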
