Hi Olaf,
This scripts works for me. I tried it on a Solaris 11 Express x86 machine.
You can always catch it a little early. For example when the open system call
happens.
#!/usr/sbin/dtrace -s
#pragma D option destructive
syscall::open*:entry
/copyinstr(arg0) == "./foobar.ksh" /
{
printf("open arg0: %s\n", copyinstr(arg0));
copyout("./bar.ksh", arg0, 10);
}
BTW, I have no idea what the side effects are for doing stuff like this. So
please be careful using these types of scripts in production.
-Angelo
On Aug 10, 2011, at 4:12 AM, Olaf Bohlen wrote:
> Hello,
>
> for some strange reasons ;) I want to use dtrace to modify a exec*
> syscall when it's entered.
> So, if someone calls "./foobar.ksh" I want the exec to call
> /usr/bin/date instead.
>
> But somehow this does not work. I think it's too late to modify arg0
> when exece() is already called, am I right?
>
> This is my try:
>
> #!/usr/sbin/dtrace -s
> #pragma D option destructive
>
> syscall::exec*:entry
> /copyinstr(arg0) == "./foobar.ksh" /
> {
> printf("exec arg0: %s\n", copyinstr(arg0));
> copyout("/usr/bin/date", arg0, 14);
> }
>
> Yours
>
> --
> Olaf Bohlen <olafboh...@googlemail.com>
> Fon: +49 172 4561817 RIPE: DARK-RIPE
> UKW/DSC: 211501050 DH6432 S/Y Annemarie (HX)
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss@opensolaris.org
_______________________________________________
dtrace-discuss mailing list
dtrace-discuss@opensolaris.org
