2 * Copryight 1997 Sean Eric Fagan
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 * 3. All advertising materials mentioning features or use of this software
13 * must display the following acknowledgement:
14 * This product includes software developed by Sean Eric Fagan
15 * 4. Neither the name of the author may be used to endorse or promote
16 * products derived from this software without specific prior written
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * $FreeBSD: src/usr.bin/truss/main.c,v 1.15.2.3 2002/05/16 23:41:23 peter Exp $
35 * The main module for truss. Suprisingly simple, but, then, the other
36 * files handle the bulk of the work. And, of course, the kernel has to
37 * do a lot of the work :).
40 #include <sys/param.h>
41 #include <sys/ioctl.h>
42 #include <sys/pioctl.h>
43 #include <sys/ucred.h>
44 #include <sys/mount.h>
58 char procfs_path
[FILENAME_MAX
];
62 * These should really be parameterized -- I don't like having globals,
63 * but this is the easiest way, right now, to deal with them.
71 fprintf(stderr
, "%s\n%s\n",
72 "usage: truss [-S] [-o file] -p pid",
73 " truss [-S] [-o file] command [args]");
79 void (*enter_syscall
)(struct trussinfo
*, int);
80 int (*exit_syscall
)(struct trussinfo
*, int);
83 { "DragonFly ELF64", x86_64_syscall_entry
, x86_64_syscall_exit
},
84 { "FreeBSD ELF64", x86_64_syscall_entry
, x86_64_syscall_exit
},
90 * Set the execution type. This is called after every exec, and when
91 * a process is first monitored. The procfs pseudo-file "etype" has
92 * the execution module type -- see /proc/curproc/etype for an example.
95 static struct ex_types
*
96 set_etype(struct trussinfo
*trussinfo
) {
97 struct ex_types
*funcs
;
102 asprintf(&etype
, "%s/%d/etype", procfs_path
, trussinfo
->pid
);
104 err(1, "Out of memory");
105 if ((fd
= open(etype
, O_RDONLY
)) == -1) {
106 strcpy(progt
, "FreeBSD a.out");
108 int len
= read(fd
, progt
, sizeof(progt
));
114 for (funcs
= ex_types
; funcs
->type
; funcs
++)
115 if (!strcmp(funcs
->type
, progt
))
118 if (funcs
->type
== NULL
) {
119 funcs
= &ex_types
[0];
120 warn("Execution type %s is not supported -- using %s\n",
127 main(int ac
, char **av
) {
130 struct procfs_status pfs
;
131 struct ex_types
*funcs
;
132 struct statfs
*mntbuf
;
136 struct trussinfo
*trussinfo
;
138 /* Initialize the trussinfo struct */
139 trussinfo
= (struct trussinfo
*)malloc(sizeof(struct trussinfo
));
140 if (trussinfo
== NULL
)
141 errx(1, "malloc() failed");
142 bzero(trussinfo
, sizeof(struct trussinfo
));
143 trussinfo
->outfile
= stderr
;
145 /* Check where procfs is mounted if it is mounted */
146 if ((mntsize
= getmntinfo(&mntbuf
, MNT_NOWAIT
)) == 0)
147 err(1, "getmntinfo");
148 for (i
= 0; i
< mntsize
; i
++) {
149 if (strcasecmp(mntbuf
[i
].f_mntfromname
, "procfs") == 0) {
150 strlcpy(procfs_path
, mntbuf
[i
].f_mntonname
, sizeof(procfs_path
));
157 err(1, "You must have a mounted procfs to use truss");
160 while ((c
= getopt(ac
, av
, "p:o:S")) != -1) {
162 case 'p': /* specified pid */
163 trussinfo
->pid
= atoi(optarg
);
164 if (trussinfo
->pid
== getpid()) {
165 /* make sure truss doesn't trace itself */
166 fprintf(stderr
, "truss: attempt to self trace: %d\n", trussinfo
->pid
);
170 case 'o': /* Specified output file */
173 case 'S': /* Don't trace signals */
174 trussinfo
->flags
|= NOSIGS
;
181 ac
-= optind
; av
+= optind
;
182 if ((trussinfo
->pid
== 0 && ac
== 0) || (trussinfo
->pid
!= 0 && ac
!= 0))
185 if (fname
!= NULL
) { /* Use output file */
186 if ((trussinfo
->outfile
= fopen(fname
, "w")) == NULL
)
187 errx(1, "cannot open %s", fname
);
191 * If truss starts the process itself, it will ignore some signals --
192 * they should be passed off to the process, which may or may not
193 * exit. If, however, we are examining an already-running process,
194 * then we restore the event mask on these same signals.
197 if (trussinfo
->pid
== 0) { /* Start a command ourselves */
199 trussinfo
->pid
= setup_and_wait(command
);
200 signal(SIGINT
, SIG_IGN
);
201 signal(SIGTERM
, SIG_IGN
);
202 signal(SIGQUIT
, SIG_IGN
);
204 signal(SIGINT
, restore_proc
);
205 signal(SIGTERM
, restore_proc
);
206 signal(SIGQUIT
, restore_proc
);
211 * At this point, if we started the process, it is stopped waiting to
212 * be woken up, either in exit() or in execve().
215 Procfd
= start_tracing(
216 trussinfo
->pid
, S_EXEC
| S_SCE
| S_SCX
| S_CORE
| S_EXIT
|
217 ((trussinfo
->flags
& NOSIGS
) ? 0 : S_SIG
));
223 funcs
= set_etype(trussinfo
);
225 * At this point, it's a simple loop, waiting for the process to
226 * stop, finding out why, printing out why, and then continuing it.
227 * All of the grunt work is done in the support routines.
233 if (ioctl(Procfd
, PIOCWAIT
, &pfs
) == -1)
234 warn("PIOCWAIT top of loop");
236 switch(i
= pfs
.why
) {
238 funcs
->enter_syscall(trussinfo
, pfs
.val
);
242 * This is so we don't get two messages for an exec -- one
243 * for the S_EXEC, and one for the syscall exit. It also,
244 * conveniently, ensures that the first message printed out
245 * isn't the return-from-syscall used to create the process.
252 funcs
->exit_syscall(trussinfo
, pfs
.val
);
255 fprintf(trussinfo
->outfile
, "SIGNAL %lu\n", pfs
.val
);
259 fprintf (trussinfo
->outfile
, "process exit, rval = %lu\n", pfs
.val
);
262 funcs
= set_etype(trussinfo
);
266 fprintf (trussinfo
->outfile
, "Process stopped because of: %d\n", i
);
270 if (ioctl(Procfd
, PIOCCONT
, val
) == -1) {
271 if (kill(trussinfo
->pid
, 0) == -1 && errno
== ESRCH
)
276 } while (pfs
.why
!= S_EXIT
);
277 fflush(trussinfo
->outfile
);
279 if (sigexit
== SIGQUIT
)
281 (void) signal(sigexit
, SIG_DFL
);
282 (void) kill(getpid(), sigexit
);