A lot of debugging can be done with truss, which shows the system calls a program makes. While it can be a real time saver, it can only run against a pid or a specific command.

What if you want to see who is making a particular system call?

The answer is probevue.

Probevue is a useful dynamic tracing command that can trace specific system calls, and it lets you write some code to extract specific information.

I have used it for some time now, and it has helped a lot for debugging purposes.

In this example, I want to know who is writing to a file, and even what is being written:

darkstar:root:/home/moi# touch /tmp/myfile
darkstar:root:/home/moi#

This is the content of my probevue file:

#!/bin/probevue
#
# Parameter: file name in quotes: \"/tmp/tutu\"
#
// Prototypes are required so that the probes can read the syscall arguments.
int open(char *filename, int m, int p);
int kwrite(int fd, char *s, int size);
int write(int fd, char *s, int size);

@@BEGIN
{
    printf ("\n ==> Surveillance des ecritures sur %s <== \n",$1);
}

// Flag the thread when it opens the file passed as $1.
@@syscall:*:open:entry
{
    __auto String filename[256];
    filename = get_userstring(__arg1, -1);
    if (filename == $1)
    {
        printf("\n (%s) ouverture de %s par %s (pid: %d) \n",get_function(),filename,__pname,__pid);
        thread:open = 1;
    }
}

// Remember the file descriptor returned by that open.
@@syscall:*:open:exit
when (thread:open == 1)
{
    thread:fd = __rv;
    //printf(" (%s) thread:fd = %d\n",get_function(),thread:fd);
}

// Report the first write made by the flagged thread, with up to 128 bytes of data.
@@syscall:*:write:entry
when (thread:open == 1)
{
    __auto String buffer[256];
    buffer = get_userstring(__arg2, 128);
    //printf("file descriptor : %ld \n",thread:fd);
    printf(" (%s) programme %s (%d) a ecrit ",get_function(),__pname, __pid);
    printf(" : %s ",buffer);
    thread:write = 1;
    thread:open = 0;
}

// Print __errno (shown as rc) when that write returns.
@@syscall:*:write:exit
when (thread:write == 1 )
{
    printf(" (%s) rc = %d \n",get_function(),__errno);
    thread:write = 0;
}

Execute it:

darkstar:root:/home/moi# ./pvwrite3 \"/tmp/myfile\"
 ==> Surveillance des ecritures sur /tmp/myfile <==

And try to access the file in another window:

darkstar:root:/home/moi# echo AAAAAAAAAAAAAAAAAASSSSSDDDDDSQDaaa > /tmp/myfile
darkstar:root:/home/moi#

The result should be, in the first window:

darkstar:root:/home/moi# ./pvwrite3 \"/tmp/myfile\"
 ==> Surveillance des ecritures sur /tmp/myfile <==
 (kopen) ouverture de /tmp/myfile par ksh (pid: 53870698)
 (kwrite) programme ksh (53870698) a ecrit  : AAAAAAAAAAAAAAAAAASSSSSDDDDDSQDaaa
 (kwrite) rc = 0

For this to work correctly, the system should be at AIX 6.1 TL7 minimum. The script can work on a lower AIX TL, but needs to be adapted.
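
The script above reports the first write a thread makes after opening the file, whatever descriptor that write uses. The variant below is an added example, not the author's script: it reports only writes whose descriptor matches the one returned by the traced open, and keeps reporting until that descriptor is closed. The names thread:pending and thread:tracking and the script name pvwrite_fd are illustrative, and it assumes the __uid built-in is available at the same AIX level as the original.

```probevue
#!/usr/bin/probevue
// Added example: report every write to the file named in $1, matched by fd.
// Usage (same quoting as above): ./pvwrite_fd \"/tmp/myfile\"
int open(char *filename, int m, int p);
int write(int fd, char *s, int size);
int close(int fd);

@@syscall:*:open:entry
{
    __auto String filename[256];
    filename = get_userstring(__arg1, -1);
    if (filename == $1)
    {
        thread:pending = 1;   // wait for the return value of this open
    }
}

@@syscall:*:open:exit
when (thread:pending == 1)
{
    thread:pending = 0;
    if (__rv >= 0)            // a failed open returns -1 and yields no fd
    {
        thread:fd = __rv;
        thread:tracking = 1;
    }
}

@@syscall:*:write:entry
when (thread:tracking == 1 && __arg1 == thread:fd)
{
    __auto String buffer[256];
    buffer = get_userstring(__arg2, 128);
    printf("%s pid=%d uid=%d fd=%d size=%d : %s\n",
           __pname, __pid, __uid, __arg1, __arg3, buffer);
}

@@syscall:*:close:entry
when (thread:tracking == 1 && __arg1 == thread:fd)
{
    thread:tracking = 0;      // fd numbers are reused after close
}
```

The state is thread-local, so writes made through the same descriptor by another thread, or by a child process that inherited it, are not reported.
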
I will post other useful scripts, asap.