.TH whatexec.d 1m  "$Date:: 2007-08-05 #$" "USER COMMANDS"
.SH NAME
whatexec.d \- Examine the type of files exec'd. Uses DTrace.
.SH SYNOPSIS
.B whatexec.d
.SH DESCRIPTION
This prints the first four chacacters of files that are executed.
This traces the kernel function findexec_by_hdr(), which checks for
a known magic number in the file's header.

The idea came from a demo I heard about from the UK, where a
"blue screen of death" was displayed for "MZ" files (although I
haven't seen the script or the demo).

Since this uses DTrace, only the root user or users with the
dtrace_kernel privilege can run this command.
.SH OS
Solaris
.SH STABILITY
unstable - this script uses fbt provider probes which may change for
future updates of the OS, invalidating this script. Please read
Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts.
.SH EXAMPLES
.TP
Trace execs as they occur,
# 
.B whatexec.d
.PP
.SH FIELDS
.TP
PEXEC
parent command name
.TP
EXEC
pathname to file exec'd
.TP
OK
is type runnable, Y/N
.TP
TYPE
first four characters from file
.PP
.SH DOCUMENTATION
See the DTraceToolkit for further documentation under the 
Docs directory. The DTraceToolkit docs may include full worked
examples with verbose descriptions explaining the output.
.SH EXIT
whatexec.d will trace until Ctrl\-C is hit. 
.SH AUTHOR
Brendan Gregg
[Sydney, Australia]
.SH SEE ALSO
dtrace(1M)