tracing libc calls with dtrace

In order to find if I can affect a program through environment variables, I decided to trace all getenv calls and see if there is something interesting. Easy to said, harder to make. Fortunately, it is possible.

Quite fast, I found that I want to use the tool dtrace. To my disappointment, I realized that I could not just click and run this tool, but had to learn.

Therefore, at the first I skipped the document Tracing User Processes and returned to it only after making all the exercises of a tutorial: Introduction. Finally, I managed to get what I want:


$ cat getenv.d 
pid$target:libSystem.B.dylib:getenv:entry
{
    printf("getenv: '%s'", copyinstr(arg0));
}
% sudo dtrace -s getenv.d -c my_program

Note 1: Under Mac OS X, libc seems to be libSystem.B.dylib

Note 2: According to the documentation, I could use args[] array. But for some reason, I could not. Instead, I cast the first argument (int) to a string.

Leave a Reply