self->arg1 is the address of a buffer
in user land. You need to do a
copyin before accessing it.
Sent from my iPhone
On Dec 13, 2011, at 16:00, "Szabo, Steve <steve.g.sz...@tdsecurities.com> wrote:
> I'm not sure if I understand this correctly but I would like to access the
> values after the system call returns.
>
>
>
> syscall::stat:entry { /* int stat(const char *restrict path, struct stat
> *restrict buf); */
>
> /* where arg0 = const char *restrict path */
> /* arg1 = struct stat *restrict buf */
>
> self->arg0 = copyinstr ( arg0 );
> self->arg1 = (struct stat *) arg1;
>
> }
>
> syscall::stat:return / self->arg0 != 0 / {
>
> printf ( "%-10d %-10d %-10s: [%-25s:%-10d:%-10d]",
> pid,
> uid,
> execname,
> self->arg0,
> arg0 == 0 ? self->arg1->st_uid : -1,
> arg0 == 0 ? self->arg1->st_gid : -1 );
>
> self->arg0 = 0;
> self->arg1 = 0;
>
> }
>
> When :entry fires it should store the pointer to stat buf to be used in the
> :return event.
>
> When :return fires I get the following when the return value of 'stat()' is
> zero:
>
> dtrace: error on enabled probe ID 2 (ID 4694: syscall::stat:return): invalid
> address (0xfcc7bd48) in action #5 at DIF offset 48
>
>
> What am I doing wrong?
>
>
>
>
>
> Cheers
> -------------------------------------------------------------------------
>
>
> NOTICE: Confidential message which may be privileged. Unauthorized
> use/disclosure prohibited. If received in error, please go to
> www.td.com/legal for instructions.
> AVIS : Message confidentiel dont le contenu peut être privilégié.
> Utilisation/divulgation interdites sans permission. Si reçu par erreur,
> prière d'aller au www.td.com/francais/avis_juridique pour des instructions.
>
> _______________________________________________
> dtrace-discuss mailing list
> dtrace-discuss@opensolaris.org
_______________________________________________
dtrace-discuss mailing list
dtrace-discuss@opensolaris.org
