SeeFlowerX / stackplz

eBPF-based stack tracing tool
Apache License 2.0
925 stars 179 forks

[FR] Launch and monitor a process from the command line #32

Closed Ylarod closed 11 months ago

Ylarod commented 11 months ago

For example, when analyzing a native process:

as option:

./stackplz -s all --exec "./foo" 

or

as parameter:

./stackplz -s all -- "./foo"

SeeFlowerX commented 11 months ago

Just run the executable normally in another shell: first get the pid with echo $$, then exclude it with --no-pid.

./stackplz -s all --pid {pid} --no-pid {pid}

Ylarod commented 11 months ago

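> Just run the executable normally in another shell: first get the pid with echo $$, then exclude it with --no-pid.
>
> ./stackplz -s all --pid {pid} --no-pid {pid}

This way the syscalls made at startup cannot be traced. The implementation could fork -> record and trace the child process PID -> exec in the child.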

SeeFlowerX commented 11 months ago

Then you can wrap the executable in one more shell when running it, for example /system/bin/sh ./foo

SeeFlowerX commented 11 months ago

Or you don't have to wrap it: just tracing all syscalls of the shell that runs the executable works the same, and there won't be much noise.

Ylarod commented 11 months ago

  1. shell 1

    echo $$
  2. shell 2

    stackplz -p pid
  3. shell 1

    ./foo
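
The three-step procedure above and the fork -> record PID -> exec idea from the thread, combined in an added shell example (not stackplz code and not written by any participant): the target is parked behind a FIFO so that a tracer can be attached to its PID before it starts. The names gated_start, gated_release, GATED_PID and the FIFO path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of stackplz. gated_start, gated_release,
# GATED_PID and the gate path are hypothetical names.

# Start "$@" parked behind a FIFO so that its PID is known before it runs.
# $1 = path for the gate FIFO, remaining arguments = target command.
gated_start() {
    gate=$1; shift
    mkfifo "$gate" || return 1
    # The inner sh blocks in read until the gate is written to, then exec
    # replaces it with the target. exec keeps the PID, so a tracer that was
    # attached to that PID beforehand sees the execve and every syscall the
    # target makes while starting up.
    # A separate sh is used instead of a "( ... )" subshell so that $! is
    # exactly the PID that becomes the target.
    sh -c 'read -r _ < "$0"; exec "$@"' "$gate" "$@" &
    GATED_PID=$!
}

# Open the gate: the parked process proceeds to exec the target.
gated_release() {
    echo go > "$1"
}

# Typical use, following the thread:
#   shell 1:  gated_start ./gate ./foo; echo "$GATED_PID"
#   shell 2:  stackplz -p <that pid>
#   shell 1:  gated_release ./gate
```

The trace also contains the wrapper's own blocking read and its execve, which come before the target's first instruction.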