Igor Delovski Board
My Own Personal Slashdot!
 

DTrace

 
delovski



Joined: 14 Jun 2006
Posts: 3522
Location: Zagreb

Posted: Mon Jul 17, 2017 5:25 pm    Post subject: DTrace

apple.stackexchange - Now that El Capitan is 'rootless', is there any way
to get dtrace working?


"Copy the binary to a directory that is not 'restricted', for example, /tmp

csrutil disable does not work for dtruss to some degree. But as @J.J said chroot
works, this inspired me.

Still I don't know why this works. It may have something to do with the
'protected directories', I guess."
delovski




Posted: Mon Jul 17, 2017 5:25 pm

internals - DTrace vs. System Integrity Protection

(reboot, hold cmd+R until a progress bar appears; csrutil disable / enable)

"The Good

You're able to do anything you want with the OS, yay! ٩(⸝⸝⸝◕ั ௰ ◕ั⸝⸝⸝ )و

The Bad

You're not safe: there are plenty of rootkits in the wild which can infect your
system. Actually, you're as safe as on OS X 10.10 or 10.9, so judge for
yourself."


sudo dtrace -n 'syscall:::entry /execname == "securityd"/ { printf("%s %s",execname,copyinstr(arg0)); }'
delovski




Posted: Mon Jul 17, 2017 5:26 pm

dtrace_oneliners.txt - DTrace one liners. Handy commands

# Files opened by process,
dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'
delovski




Posted: Mon Jul 17, 2017 5:29 pm

amazon - Advanced Apple Debugging & Reverse Engineering
Exploring Apple code through LLDB, Python and DTrace




"In Advanced Apple Debugging and Reverse Engineering, you'll come to
realize debugging is an enjoyable process to help you better understand
software. Not only will you learn to find bugs faster, but you'll also learn
how other developers have solved problems similar to yours. You'll also
learn how to create custom, powerful debugging scripts that will help you
quickly find the secrets behind any bit of code that piques your interest."
delovski




Posted: Mon Jul 17, 2017 5:46 pm

Mark Dalrymple - Hooked on DTrace, part 1

"What is this 'DTrace' thing? It stands for 'Dynamic Tracing', a way you can
attach 'probes' to a running system and peek inside as to what it is doing. It
was created by Sun for Solaris, and was ported to the Mac in the Mac OS X
10.5 'Leopard' time frame. DTrace is not available on iOS, but you can use it
in the simulator.

Imagine being able to say - whenever malloc is called in Safari, record the
amount of memory that's been asked for. Or - whenever anyone opens
Hasselhoff.mov on the system, tell me the app that's doing so. Or - show
me every message being sent to this particular object. Or - show me where
every NSUndoManager has been created, and tell me the address of that
object in memory.

See what files are being opened by Time Machine during a backup, including
the files being backed up:

Code:
# dtrace -n 'syscall::open*:entry /execname == "backupd"/ { printf ("%s", copyinstr(arg0)); }'


Replace 'backupd' with 'mdworker' to see what Spotlight is indexing on
your system."
All times are GMT + 1 Hour