Macos Ktrace“ -t c&quot”系统呼叫跟踪在较新的MacOS上可用吗?
有人知道是否有一种方法可以通过MacOS 12+中的KTRACE追踪系统调用? (显然,这是通过禁用的SIP。)
过去可以通过以下方式跟踪系统调用:
sudo ktrace trace -s -S -t c -c ./some_binary
现在-t是简单的
将时间打印为Mach绝对时间戳,而不是默认的本地壁时钟时间。
Anyone know if there's a way to trace only system calls via ktrace in macOS 12+? (Obviously this is with SIP disabled.)
In the past one could trace system calls via:
sudo ktrace trace -s -S -t c -c ./some_binary
Now the -t is simply
Print times as Mach absolute timestamps, instead of the default local wall clock time.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
-t trstr的替换似乎是-f filter-desc。新的过滤器更灵活,但可以说使用一些提示。这是 manpage 必须说:您可以过滤的可能值在 bsd/sys/kdebug.h 在
类和子类定义下。因此,如果您对BSD Syscalls感兴趣,那就是
-f C4(类4 =dbg_bsd)。 Mach Syscalls(又称陷阱)将为-f S0X010C(类1 =dbg_mach,subclass0c=dbg_mach_excp_excp_sc) 。因此,要显示BSD Syscalls和Mach陷阱:
根据您的追求,您可能还需要
C2,C3(dbg_network和dbg_fsystem) 。The replacement for
-t trstrseems to be-f filter-desc. The new filters are more flexible but arguably a bit fiddlier to use. Here's what the manpage has to say:The possible values you can filter on are defined in bsd/sys/kdebug.h under
Class and subclass definitions.So if you're interested in BSD syscalls, that's
-f C4(class 4 =DBG_BSD). Mach syscalls (aka traps) would be-f S0x010c(class 1 =DBG_MACH, subclass0c=DBG_MACH_EXCP_SC).So to show BSD syscalls and Mach traps:
Depending on what you're after, you might also want
C2,C3(DBG_NETWORKandDBG_FSYSTEM).