.TH whatexec.d 1m "$Date:: 2007-08-05 #$" "USER COMMANDS"
whatexec.d \- Examine the type of files exec'd. Uses DTrace.
This prints the first four characters of files that are executed.
This traces the kernel function findexec_by_hdr(), which checks for
a known magic number in the file's header.
The idea came from a demo I heard about from the UK, where a
"blue screen of death" was displayed for "MZ" files (although I
haven't seen the script or the demo).
Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
Trace execs as they occur,
pathname to file exec'd
first four characters from file
See the DTraceToolkit for further documentation under the
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
whatexec.d will trace until Ctrl\-C is hit.