跟踪格式条目的语法了解了跟踪格式条目的构件后,让我们将所有构件组装起来并尝试编写一个完整的跟踪格式条目。
1
2
3
4
5
6
7
8
9
10
11
12
13
| HOOK_ID version L=APPL/SYS/KERN "name" \
Macro%Format code,\
Matchvalue1 {,\
Format code,\
Matchvalue1a { Action },\
Matchvalue1b { Action }\
},\
Matchvalue2 {,\
Macro%Format code,\
Matchvalue2a { Action },\
Matchvalue2b { Action }\
}
Action could be any combination of building blocks that we have looked at.
|
示例下面的 C 程序使用 TRCHKL4 和 TRCGEN 定义的宏记录了跟踪条目:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| #include <sys/types.h>
#include <sys/trchkid.h>
#include <stdio.h>
#define HKWD_CUSTOM 0x01000000
main()
{
char s[]="malloc";
char s1[]="successful malloc";
int *i;
int j=5;
int k=20;
i=malloc(sizeof(int)*10);
/*
* please note the way string is
* passed as one of the datawords in non-generic trace API
*/
TRCHKL4(HKWD_CUSTOM,*(unsigned long *)s,i,sizeof(int),10);
TRCGEN(0,HKWD_CUSTOM|0x20,strlen(s1),strlen(s1),(char *)s1);
i[5]=20;
TRCHKL3(HKWD_CUSTOM+0x1,i+j,j,k);
}
|
编译上述 C 程序:
1
| cc -q64 -g myc.c -l rts
|
运行(只捕捉从钩子 ID 010 传入的条目):
1
| trace -aj 010 ; ./a.out ; trcstop
|
“MyCustomHook” 的跟踪条目格式:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| #cat mytrace
##########################
# Check if, the entry is GENERIC
# If, not then check for subhook ID using $HD%D1
# if, Subhookid is 0 datawords using Macros
# if, subhookid is 1 print simple datawords
# if, none matched print Undefined Hook and subhook id
#if, the entry is GENERIC print ASCII string using LOOP construct
# where the length of the String is in Dataword1
# HL macro can also be used to access the length as shown below
###########################
010 1.0 L=APPL "MyCustomHook" \
$GENERIC,\
0 {\
$HD%D1,\
0 { "Activity="G8 A10 \
"Address=0x"$D2 {{ $total_size = $D3 * $D4 }} \
"Size="$total_size%D4 },\
1 { "Address=0x"$D1 "Array Index="$D2%D4 "Value="$D3%D4 },\
\* {"Undefined Hook with subhook id = "$HD%D1 }\
},\
1 { "String Length=" $D1%D4 {{ $loopcnt = $HL }} G16 LOOP $loopcnt {A0} }
|
使用自定义的跟踪条目格式查看跟踪条目:
1
2
3
4
5
6
| #trcrpt -t mytrace
ID ELAPSED_SEC DELTA_MSEC APPL SYSCALL KERNEL INTERRUPT
010 0.003872577 3.872577 MyCustomHook Activity=malloc Address=0x110000970 Size=40
010 0.003874101 0.001524 MyCustomHook String Length=17 successful malloc
010 0.003874956 0.000855 MyCustomHook Address=0x110000984 Array Index=5 Value=20
|
|