Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 Jul 2014 23:19:02 +0000 (UTC)
From:      "George V. Neville-Neil" <gnn@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r269360 - head/cddl/contrib/dtracetoolkit/Apps
Message-ID:  <201407312319.s6VNJ2pp073229@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: gnn
Date: Thu Jul 31 23:19:01 2014
New Revision: 269360
URL: http://svnweb.freebsd.org/changeset/base/269360

Log:
  Update shellsnoop to work on FreeBSD.
  
  Contributed by: skreuzer

Modified:
  head/cddl/contrib/dtracetoolkit/Apps/shellsnoop

Modified: head/cddl/contrib/dtracetoolkit/Apps/shellsnoop
==============================================================================
--- head/cddl/contrib/dtracetoolkit/Apps/shellsnoop	Thu Jul 31 23:17:59 2014	(r269359)
+++ head/cddl/contrib/dtracetoolkit/Apps/shellsnoop	Thu Jul 31 23:19:01 2014	(r269360)
@@ -1,4 +1,4 @@
-#!/usr/bin/sh
+#!/bin/sh
 #
 # shellsnoop - A program to print read/write details from shells,
 #	       such as keystrokes and command outputs.
@@ -140,18 +140,14 @@ dtrace -n '
  /*
   * Remember this PID is a shell child
   */
- syscall::exec:entry, syscall::exece:entry
+ syscall::execve:entry
  /execname == "sh"   || execname == "ksh"  || execname == "csh"  || 
   execname == "tcsh" || execname == "zsh"  || execname == "bash"/
  {
 	child[pid] = 1;
  
-	/* debug */
-	this->parent = (char *)curthread->t_procp->p_parent->p_user.u_comm;
-	OPT_debug == 1 ? printf("PID %d CMD %s started. (%s)\n",
-	    pid, execname, stringof(this->parent)) : 1;
  }
- syscall::exec:entry, syscall::exece:entry
+ syscall::execve:entry
  /(OPT_pid == 1 && PID != ppid) || (OPT_uid == 1 && UID != uid)/
  {
 	/* forget if filtered */
@@ -256,12 +252,12 @@ dtrace -n '
  /*
   *  Cleanup
   */
- syscall::rexit:entry
+ syscall::exit:entry
  {
 	child[pid] = 0;
 
 	/* debug */
-	this->parent = (char *)curthread->t_procp->p_parent->p_user.u_comm;
+	this->parent = (char *)curthread->td_proc->p_pptr->p_comm;
 	OPT_debug == 1 ? printf("PID %d CMD %s exited. (%s)\n",
 	 pid, execname, stringof(this->parent)) : 1;
  }

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407312319.s6VNJ2pp073229>