Hi!
I'm trying to find out what a program does, and found it does a lot of
unlink syscalls, so I wanted to see what it unlinks.
I tried
# dtrace -n syscall::unlink:entry'/pid == 27647/{ self->file = arg0; }' -n
syscall::unlink:return'{ trace(copyinstr(self->file)); self->file = 0; }'
but this just gives me lots of
dtrace: error on enabled probe ID 2 (ID 405: syscall::unlink:return): invalid
address (0x79c4586577ce) in action #1 at DIF offset 12
: No such file or directory
(yes, including that weird newline in the middle).
What's the proper way to do this?
Thanks,
Thomas
