self->arg1 is the address of a buffer in user land. You need to do a copyin before accessing it.

On Dec 13, 2011, at 16:00, "Szabo, Steve" <steve.g.sz...@tdsecurities.com> wrote:

> I'm not sure if I understand this correctly but I would like to access the
> values after the system call returns.
>
> syscall::stat:entry { /* int stat(const char *restrict path, struct stat *restrict buf); */
>
>     /* where arg0 = const char *restrict path */
>     /*       arg1 = struct stat *restrict buf */
>
>     self->arg0 = copyinstr ( arg0 );
>     self->arg1 = (struct stat *) arg1;
>
> }
>
> syscall::stat:return / self->arg0 != 0 / {
>
>     printf ( "%-10d %-10d %-10s: [%-25s:%-10d:%-10d]",
>         pid,
>         uid,
>         execname,
>         self->arg0,
>         arg0 == 0 ? self->arg1->st_uid : -1,
>         arg0 == 0 ? self->arg1->st_gid : -1 );
>
>     self->arg0 = 0;
>     self->arg1 = 0;
>
> }
>
> When :entry fires it should store the pointer to stat buf to be used in the
> :return event.
>
> When :return fires I get the following when the return value of 'stat()' is
> zero:
>
> dtrace: error on enabled probe ID 2 (ID 4694: syscall::stat:return): invalid
> address (0xfcc7bd48) in action #5 at DIF offset 48
>
> What am I doing wrong?
>
> Cheers
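
The fix described in the reply, written out as an added example that is not part of the original thread: the user-land address is saved at entry and the buffer is brought into DTrace scratch space with copyin() at return, after the kernel has filled it. The names self->path, self->bufp and this->sb are chosen here, and the script assumes the traced process uses the same data model as the kernel, so that the kernel's definition of struct stat matches the layout of the user buffer.

```dtrace
#!/usr/sbin/dtrace -s
#pragma D option quiet

/* int stat(const char *restrict path, struct stat *restrict buf); */
syscall::stat:entry
{
	self->path = copyinstr(arg0);	/* path is valid at entry, copy it now */
	self->bufp = arg1;		/* user address only, never dereferenced directly */
}

/* stat() returned 0: the user buffer is populated, so copy it in */
syscall::stat:return
/self->bufp != 0 && arg0 == 0/
{
	/* copyin() returns a pointer into scratch memory that D may dereference */
	this->sb = (struct stat *)copyin(self->bufp, sizeof (struct stat));

	printf("%-10d %-10d %-10s: [%-25s:%-10d:%-10d]\n",
	    pid, uid, execname, self->path,
	    this->sb->st_uid, this->sb->st_gid);
}

/* stat() failed: the buffer contents are undefined, so do not read them */
syscall::stat:return
/self->bufp != 0 && arg0 != 0/
{
	printf("%-10d %-10d %-10s: [%-25s:%-10d:%-10d]\n",
	    pid, uid, execname, self->path, -1, -1);
}

/* release the thread-local variables in either case */
syscall::stat:return
/self->bufp != 0/
{
	self->path = 0;
	self->bufp = 0;
}
```

Dereferencing self->arg1 directly makes the probe read a user address as if it were a kernel address, which is what produces the "invalid address" error quoted above.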