Question
I'm using the following DTrace script to follow the read and write syscalls of bash:
https://stackoverflow.com/questions/15850887
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiansyscall::write:entry,
syscall::read:entry
/execname == "bash"/
{
}
It successfully matches 2 probes, but no matter what I type, I only see the read calls. No write calls are ver reported. I was expecting to get write calls when the shell echos back to screen.
Is the script wrong, or am I under the wrong assumptions of how bash works?
I'm running under OSX Mountain Lion
Solution
Try with a wildcard after "write". This will list the matching probes:
sudo dtrace -l -n 'syscall::write*:entry'
And this will probably get you the output you expect:
syscall::write*:entry,
syscall::read*:entry
/execname == "bash"/
{
}
The call being used is probably write_nocancel.
