Is macOS ktrace "-t c" system call tracing available on newer macOS?

Question (votes: 0, answers: 1)

Does anyone know if there is a way to trace only system calls via ktrace in macOS 12+? (Obviously this is with SIP disabled.)

It used to be possible to trace system calls with:

sudo ktrace trace -s -S -t c -c ./some_binary

Now -t is simply:

Print times as Mach absolute timestamps, instead of the default local wall clock time.

macos system-calls trace macos-monterey
1 answer

0 votes

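The replacement for -t trstr appears to be -f filter-desc. The new filter is more flexible, but it can be a bit more cumbersome to use. Here is what the man page says: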

-f filter-desc

Apply a filter description to the trace session, controlling which events
are traced.  See FILTER DESCRIPTIONS for details on the syntax of a
filter.  If no filter description is provided, all events will be traced.

FILTER DESCRIPTIONS

A filter description is a comma-separated list of class and subclass specifiers that indicate
which events should be traced.  A class specifier starts with ‘C’ and contains a single byte,
specified in either decimal or hex.  A subclass specifier starts with ‘S’ and takes two
bytes.  The high byte is the class and the low byte is the subclass of that class.

For example, this filter description would enable classes 1 and 37 and the subclasses 33 and
35 of class 5: ‘C1,C0x25,S0x0521,S0x0523’.  The ‘ALL’ filter description enables events from
all classes.

The possible values you can filter on are defined in bsd/sys/kdebug.h.

So if you are interested in BSD system calls, that would be -f C4 (class 4 = DBG_BSD). Mach system calls (a.k.a. traps) would be -f S0x010c (class 1 = DBG_MACH, subclass 0c = DBG_MACH_EXCP_SC).

So to show BSD system calls and Mach traps:

sudo ktrace trace -f C4,S0x010c -c ./some_binary

Depending on your needs, you may also want C2,C3 (DBG_NETWORK, DBG_FSYSTEM).
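
To check what a filter description will enable before starting a trace, the following added example (not part of the original answer, and not ktrace's own code) parses the -f syntax quoted from the man page above. It assumes decimal or 0x-prefixed hex is accepted for both C and S specifiers; the function names are hypothetical, and only the classes and subclasses named on this page are labelled.

```python
# Added example: decode a ktrace -f filter description per the man page text above.
# Names are limited to the classes/subclasses this page mentions.
CLASS_NAMES = {1: "DBG_MACH", 2: "DBG_NETWORK", 3: "DBG_FSYSTEM", 4: "DBG_BSD"}
SUBCLASS_NAMES = {(1, 0x0C): "DBG_MACH_EXCP_SC"}


def to_int(text, limit, spec):
    """Parse decimal or 0x-prefixed hex and enforce the field width."""
    try:
        value = int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    except ValueError:
        raise ValueError(f"bad number in specifier {spec!r}") from None
    if not 0 <= value <= limit:
        raise ValueError(f"{spec!r} out of range (max {limit:#x})")
    return value


def parse_filter(desc):
    """Return (set of class bytes, set of (class, subclass) pairs)."""
    if desc.strip() == "ALL":
        return set(range(256)), set()  # 'ALL' enables every class
    classes, subclasses = set(), set()
    for spec in (s.strip() for s in desc.split(",")):
        if spec.startswith("C"):
            classes.add(to_int(spec[1:], 0xFF, spec))
        elif spec.startswith("S"):
            word = to_int(spec[1:], 0xFFFF, spec)
            subclasses.add((word >> 8, word & 0xFF))  # high byte is the class
        else:
            raise ValueError(f"unknown specifier {spec!r}")
    return classes, subclasses


def describe(desc):
    """One readable line per enabled class or subclass."""
    classes, subclasses = parse_filter(desc)
    lines = [f"class {c} ({CLASS_NAMES.get(c, 'not named on this page')})" for c in sorted(classes)]
    for c, s in sorted(subclasses):
        name = SUBCLASS_NAMES.get((c, s), "not named on this page")
        lines.append(f"class {c} subclass {s:#04x} ({name})")
    return lines


if __name__ == "__main__":
    print("\n".join(describe("C4,S0x010c")))
```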
