mirror of
https://github.com/Stichting-MINIX-Research-Foundation/netbsd.git
synced 2025-09-11 08:07:30 -04:00
54 lines
1.4 KiB
Plaintext
54 lines
1.4 KiB
Plaintext
.TH whatexec.d 1m "$Date: 2015/09/30 22:01:09 $" "USER COMMANDS"
|
|
.SH NAME
|
|
whatexec.d \- Examine the type of files exec'd. Uses DTrace.
|
|
.SH SYNOPSIS
|
|
.B whatexec.d
|
|
.SH DESCRIPTION
|
|
This prints the first four chacacters of files that are executed.
|
|
This traces the kernel function findexec_by_hdr(), which checks for
|
|
a known magic number in the file's header.
|
|
|
|
The idea came from a demo I heard about from the UK, where a
|
|
"blue screen of death" was displayed for "MZ" files (although I
|
|
haven't seen the script or the demo).
|
|
|
|
Since this uses DTrace, only the root user or users with the
|
|
dtrace_kernel privilege can run this command.
|
|
.SH OS
|
|
Solaris
|
|
.SH STABILITY
|
|
unstable - this script uses fbt provider probes which may change for
|
|
future updates of the OS, invalidating this script. Please read
|
|
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
|
|
.SH EXAMPLES
|
|
.TP
|
|
Trace execs as they occur,
|
|
#
|
|
.B whatexec.d
|
|
.PP
|
|
.SH FIELDS
|
|
.TP
|
|
PEXEC
|
|
parent command name
|
|
.TP
|
|
EXEC
|
|
pathname to file exec'd
|
|
.TP
|
|
OK
|
|
is type runnable, Y/N
|
|
.TP
|
|
TYPE
|
|
first four characters from file
|
|
.PP
|
|
.SH DOCUMENTATION
|
|
See the DTraceToolkit for further documentation under the
|
|
Docs directory. The DTraceToolkit docs may include full worked
|
|
examples with verbose descriptions explaining the output.
|
|
.SH EXIT
|
|
whatexec.d will trace until Ctrl\-C is hit.
|
|
.SH AUTHOR
|
|
Brendan Gregg
|
|
[Sydney, Australia]
|
|
.SH SEE ALSO
|
|
dtrace(1M)
|