dtrace/truss, ptrace /proc/sys basics

On freebsd, truss works by stopping and restarting the process being monitored via ptrace()
On Solaris, truss works by stopping and restarting the process being monitored via /proc. Dtrace doesn’t stop/start a process, therefore adds lower overhead.
    
/proc is readable by cat not less.
/proc is mostly readonly, but on linux /proc/sys is writable !

http://www.linuxjournal.com/article/2365?page=0,0 is good intro. Wikipedia says

By using ptrace (the name is an abbreviation of “process trace”) one process can control another, enabling the controller to manipulate the internal state of its target. ptrace is used by debuggers such as gdb and dbx.

By attaching to another process using the ptrace call, a tool can single-step through the target’s code. The ability to write into the target’s memory allows not only its data store to be changed, but also the applications own code segment, allowing the controller to install breakpoints and patch the running code of the target.

ptrace is available as a system call on AIX, FreeBSD, Mac OS X, Linux, and HPUX up to 11. On Solaris, ptrace is implemented as a library call, built on top of Solaris kernel’s procfs filesystem; Sun notes that ptrace on Solaris is intended for compatibility, and recommends that new implementations use the richer procfs.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s