Monitoring Cocoa applications to run external utilities (like ffmpeg) on Mac OS X?

Question

Monitoring Cocoa applications to run external utilities (like ffmpeg) on Mac OS X?

There are Mac GUI applications that provide an interface for the uglier command-line tools (often included in the application package). I would like to see what happens under the hood of such graphical interfaces.

How to "attach" to an application, control it for command line utilities calls and record the file name and command line parameters of these calls?

A solution may also be an application that records the execution of all applications on Mac OS X (filters out the most common system calls).

Example GUI: http://xact.sourceforge.net/ (since it is open source, you can just debug it, but xACT is just an example. Let's pretend that we only have ready-made * .app for monitoring).

Update: dtrace can track exec calls and print the name of the called command. which is half the solution, the other half receives command line arguments. which has not been decided yet (until someone confirms that they have dtrace to do this).

+4

debugging cocoa dtrace tracing macos

Captsolo Jan 19 '09 at 22:44

source share

4 answers

Barry kelly · Answer 1 · 2010-10-11T19:07:10+0000

DTrace can do the job. Based on the discussion I had with Joey Hagedorn in the comments elsewhere on this subject, the script that comes with 10.6 can be improved to work with a reasonable number of arguments (50+). Since the script has many repetitions, I will include here a script that outputs a DTrace script that works well. This allows up to 50 arguments; you can increase the number of arguments by changing the for-loop.

#!/bin/bash cat <<HEADER #!/usr/sbin/dtrace -s /* * newproc.d - snoop new processes as they are executed. DTrace OneLiner. * * This is a DTrace OneLiner from the DTraceToolkit. * * 15-May-2005 Brendan Gregg Created this. */ /* * Updated to capture arguments in OS X. Unfortunately this isn't straight forward... */ #pragma D option quiet this unsigned long long argv_ptr; /* Wide enough for 64 bit user procs */ proc:::exec-success { print_pid[pid] = 1; /* This pid emerged from an exec, make a note of that. */ } /* * The "this" variables are local to (all) of the following syscall::mmap:return probes, * and only those probes. They must be initialized before use in each new firing. */ syscall::mmap:return { this->argc = 0; /* Disable argument collection until we notice an exec-success */ } syscall::mmap:return / print_pid[pid] / { print_pid[pid] = 0; this->is64Bit = curpsinfo->pr_dmodel == PR_MODEL_ILP32 ? 0 : 1; this->wordsize = this->is64Bit ? 8 : 4; this->argc = curpsinfo->pr_argc; this->argc = (this->argc < 0) ? 0 : this->argc; /* Safety */ this->argv_ptr = curpsinfo->pr_argv; printf("%d %s ", pid, this->is64Bit ? "64b" : "32b"); } HEADER for ((i=0;i<50;++i)); do cat <<REPEAT syscall::mmap:return / this->argc / { this->here_argv = copyin(this->argv_ptr, this->wordsize); this->arg = this->is64Bit ? *(unsigned long long*)(this->here_argv) : *(unsigned long*)(this->here_argv); printf("%s ", copyinstr(this->arg)); this->argv_ptr += this->wordsize; this->argc--; } REPEAT done cat <<FOOTER syscall::mmap:return / this->argv_ptr / { printf("%s\n", this->argc > 0 ? "(...)" : ""); this->argc = 0; this->argv_ptr = 0; } FOOTER

Mike morearty · Answer 2 · 2013-01-26T21:16:18+0000

newproc.d is another dtrace script that does also print process command line arguments in process names. The launch is simple:

 sudo newproc.d

This works for me on OS X Mountain Lion. Older versions may have various problems; see the comment on this> Response to ServerFault for some discussion of newproc.d on Leopard and Snow Leopard.

In addition, you should be aware of a few minor limitations. If you look at the source code of the script, it means that it will not display more than 5 arguments and will not display arguments longer than 128 characters:

 /* * Updated to capture arguments in OS X. Unfortunately this isn't straight forward... nor inexpensive ... * Bound the size of copyinstr() and printf incrementally to prevent "out of scratch space errors" * print "(...)" if the length of an argument exceeds COPYINSTRLIMIT. * print "<...>" if argc exceeds 5. */ inline int COPYINSTRLIMIT = 128;

user23743 · Answer 3 · 2009-01-19T22:47:55+0000

You can use dtrace to monitor exec * () system calls and display arguments when they are called. dtrace is described here: https://wikis.oracle.com/display/DTrace/Documentation

Captsolo · Answer 4 · 2009-01-20T01:21:44+0000

Graham: dtrace would be perfect here. could you (or anyone else here) show a dtrace script that prints the process command line?

This oneliner prints the names of the processes that are running:

 dtrace -qn 'syscall::exec*:return { printf("%Y %s\n",walltimestamp,curpsinfo->pr_psargs); }'

But how to get / print command line arguments?

Monitoring Cocoa applications to run external utilities (like ffmpeg) on ​​Mac OS X?

More articles:

Monitoring Cocoa applications to run external utilities (like ffmpeg) on Mac OS X?