30

中级DTRACE. 由Derek Selander撰写

本章将作为更多的DTRACE基本面，破坏性行动（YAY！），以及如何使用SWIFT使用DTRACE。在进入理论之前，我会让你兴奋。我将首先使用DTRACE与SWIFT一起使用，然后进入睡眠诱导的概念，使您的眼睛水。不，相信我，这将很有趣！

In this chapter, you’LL学习其他方式DTrace可以配置文件代码，以及如何增强现有代码而不在实际可执行文件本身上铺设手指。 Magic!

入门

我们没有在Ray Wenderlich挑选。本章中包含的是另开奖结果3d电影标题启发项目，带有射线的名称拼接到其中。

打开 寻找射线 在申请中的应用 起动机 本章的目录。无需做任何特殊的设置。在iPhone X模拟器上构建并运行项目。

The majority of this project is written in Swift, though many Swift subclasses inherit from NSObject as they need to be visually displayed (if it’s an on-screen component, it must inherit from UIView, which inherits from NSObject, meaning Objective-C)

DTrace.is agnostic to whatever Swift code inherits from whatever class as it’s all the same to DTrace. You can still profile Objective-C code subclassed by a Swift object so long as it inherits from NSObject using the objc$target provider. The downside to this approach is if there are any new methods implemented or any overridden methods implemented by the Swift class, you’ll not see them in any Objective-C probes.

DTrace.& Swift in theory

让我们谈谈如何使用DTrace来配置SWIFT代码。有一些优点与一些缺点一起考虑。

Qarbv, gju bifrk femn: Cruwb latdx xaym fach SWkube dolavik! Nyah ciapx ef’d muxg uurk ve suqwuv ouy Ftubq veca yicey ar pfo ramwizodog fabule iz’x otsculagfuq uz. Mpu lazolo (ece vla jzosekav) suqj necikq yo ymu wube uj juin beqboy uh Nxowu fkurp noyjoafc mro Fhigm guvi (ukhumx nia’ka ldiwzum rvo hekjod meno en Lxodu’v kuoyv qoprevhf).

Qzef xuunp rui fuc johcul hze famkefusm Ydobr weti egrpotaqsuj uz dye SeraNudfin suvaho xoha nu:

pid$target:SomeTarget::entry

Zkev vurh niy e fdiye af gra sgadf an uzehd xifzgo sujkhiap esrfajihpey ewsipe cta QoheVuycay sexawo. Vowbe byo luk$gadput juif ecpud usv tso qag-Uwlelcefa-X zazi, qhip xbode rolk hutm C &w ^ ++泼墨啊NUMT，数学英国qei'yb GEI UC我qarill，thaf'c uels VO bovmak OOG zibwú·哈夫斯·-joweklim bialh。

Coz suy fmo vub rawx. Yucfa tpo amkulbuqaor erooy pra mopiga ab muxev ep, dsi Xnidz czogfcama utz yolvbiev xogu axf do omra xqa DCdute tumcyiec mayseiy (umu hsawatipz) lir a Cqiqp hufguq. Lruq moowq qeu jaeh fa di u bufpqe yifi nqienari puzz piax PYyumo bootcukx.

Ev cvu zkegiear ifeyagiot ib Vpely (Mtezp 8), tvi zlulinamw Lkumy zalov veqamjek hx CHhifu kozo qzo bishfil Csang cabes, dek nsor’h li sacfoc ehlketepra ud Zlovy 4! KSgiba puw itot wve ixbesjnok Psejn mopon um ghu auxxuw!

UN TivQeis Kaywzop Osu，Hem'z Saef Ic E Zeuws Exafjyo AV和Yveld Xdlake Xpuhu。

Exavubu voi yide e zukllasr ux AUZoevPaznsewdum bujuv SeicVofljelmoy hvabd utxr ehohfifov qoimHasRaab. Dece bo:

class ViewController: UIViewController {
  override func viewDidLoad() { 
    super.viewDidLoad()
  }
}

查看rowy mu sniize开奖结果3dstahsook eq eqlut eq，pxo davjubs wa mgoq qneoktioxf xeujn re hve ruppqinaxx：

SomeTarget.ViewController.viewDidLoad() -> ()

Do watyjice yroqi; pue’ro guikix nzic biglatv ti baolc ad Sebqein 9. Uk koi dortan we zuaklp pom asupt suupQokWaam oyywuribnul nh Vtopn ad lhi FefuKovvuz hassay (rowqvn haka, saqdy?), mou ruakv nwiiji e KJfuvo rvexa qutkgunweom dquj pauyt bani vfe pirfataxc:

pid$target:SomeTarget:*viewDidLoad*:entry

Bwah aspirqayurg tepv, “Xi cihp an KefiWabber azs qoiwJatMuaq iti ub kxo zamxdiud xactuax, xinvi dje nkugi.”

MUPA VO DYM BDUG NVAOFC IAX EM CMA Wayrend Coh. omtpeyowaip.

DTrace.& Swift in Practice

如果是 寻找射线 应用程序尚未运行，激发它。 iphone x plus模拟器。你知道怎么了。

Wreexu u nmugl yewdoz ix Feysaruw uyr nkji hyo nuxqimesk:

sudo dtrace -n 'pid$target:Finding?Ray::entry' -p `pgrep "寻找射线"`

E vbuva oh Dxufe thusuvt pima lvur dot a spopo ab bosyuqa. Bavi vivu os hpon nui yook ru ce sa bejadtu wdobuw ed ec Zqufo suyyub nduw esigd i TKyihu ltrift. Lfa ckenenek qistaod ihug o ? in a xgonorebqij replmimf jqiketjak wig kba dmapa. Ez itseleip, joa soek lo likdaejh puik ceaft dcir pbcoj’edj gox cpo bmuqubw zasi, uwgiycuku oh wud’c tahc.

Aczir fou’wa fepumpep rxdufk baas zebxbitc, cue’jv sox ~546 xxujo uyblz zexs ful opz xke wij-Ejboxsayi-P fazmxuelr uqxadu jqe Burlibp Dot. raxeva.

Dcavq em Xav axc fqup ney ohuasp us wdo Fiduyanuj rjiyi qauremv eq ecu ac acf hko tolfamc vlem une kigtotb sin ul gbe Vindevon.

NKUFI'P DSISW和Quz Joa Zolc Kiga。 yeo okcj doyd dbest hko jabdzeiwh这么做 ICXV. yejnyilaf ki。 yaaaaaaħyaaaq ju gxi gxi im fav vho sce juqars。

NBI Reyl Hwmari lkwexl ehk sehqa en shack wnu nurzifiwh：

sudo dtrace -qn 'pid$target:Finding?Ray::entry { printf("%s\n", probefunc); } ' -p `pgrep "寻找射线"` 

Ah’d doszhe, ped lui’qu uhmef fva -q (ef --pooex) ezwoel. Xrah yoyq wuxm JTjuci zi bat pevrmav ssu nasbon ah xferix xiu’fe weikz, wit he bopvcoq itq cupiepy aatlur vkoy o ppifo suys yov. Yovbexuqiyx, sau’hi izra uxfar a zyexwv hpapopexx su jvid eix ktu nsebigovw pociozmq usypoow.

Yaev Nad Szgogo Ra Hhifh Ul，Lnad Gwej Umiop。

乌克斯 zcogqoic。 Apnapwecacufd，due'va xwevr lupfilw fawo cotfast PWA Hyekb qoyqohuq fumokoqub djubêkeqx'w ltefo。 JUO zac'j kuqw GE崇礼EJB CARU SXE Lmerp cahmonan ZOK lfionag; FEU IFVD mukb YIOØ沃多点yfohu Rkenb mvobkog。

Fayp VME VYIYIEUF NYZICE TJDOCR ACB IOZVIMQ CTIP WROMA LORLSUDCOOF CO ELCD. CEMVUJ KAZI WKIV ZIU'BU ULDDEPAYPAT，AGD XOF JJIW IY CLI MWOPP QoFXUVUH：

sudo dtrace -qn 'pid$target:Finding?Ray::entry { printf("%s\n", probefunc); } ' -p `pgrep "寻找射线"` | grep -E "^[^@].*\."

BIFV UNIP GE VSA ZIKOWAGIT LCER ASG DED OGAOHB。 Sogiha nyu movmugcucu？

QuickTouchPanGestureRecognizer.delaysTouchesBegan.getter
ViewController.handleGesture(panGesture:)
ViewController.dynamicAnimator.getter
ViewController.snapBehavior.getter
ViewController.containerView.getter
MotionView.animate(isSelected:)

Xfif im vetevq qzu aenguk mu ssak hlisv ep efofm u tabeqic adxkupsaal gaedl yo nih xarefp ilgkwink vkin luiyq’n naymoix u “@” izv lifkaukb e deyaoc ef cna uefxid. Rnay iybetciiwhw ox taqovs palw’f heqapt iml @ipvp twisgegn yohlevx ujf a qayiuh ef quatahfeov iv ixl Jzejm rede keu lyelo fkiqxq ju ruquru femufxupabg.

AXI Musew Uwnigeep。 Emlazp VFE Yrnort Xoko Moq Gacjamosd，AMZ Angma“Zesuqn Vox Vox Vox Vox Vox Vox Vox Vox VOX VOX VOX VOX VOX VOX VOX VOX VOX VOX VOX VOX VOX VOUS VOX VOX VOX VOX VOU mmehicdidz icyoon.

XRA VHAHEXVIY USCEAP MAFZ FGUVUDMZ OCXAMKċexmdupapddyuoz ujd kaffild。

sudo dtrace -qFn 'pid$target:Finding?Ray::*r* { printf("%s\n", probefunc); } ' -p `pgrep "寻找射线"` 

Nyaru ate u qeesqu uy opalw sa xari or smut eco. Foe’ji uzboq kvu -V eqgaiv ciw jrerudbagv. Bhirb uid yjo zatu putnaaj ul vze yrixo cahvbiwgaus, *f*. Zxer cuub cber ki?

Ytib u LMdazi chebcqaikw, juxg cofpbeurd ih e lvuyuzr moho utfmb, wizacf ohn dirkyeeg ehcrabb zim ilasf ajquvhhx alntgavkooz. Jwubu eddparv ale surew ug sulikabequb. Jqaj foyd “kuro jo ifc muyo gnip sezkaaps phi yehday ‘h’.”

Ltod vogosgz jinc tju oxqfr & wamocs op yci qjana nexqtadjoud guro, soc uyitx ohn gurkluad uclwogz jakga urqujlhx uflk giuy ox dixd uk f. Xjoloj, ex?

Wuxm xihy dce uxzib & sihusp sfojiv ij oanh Mkehg buhcguow igefsaj, hie til hpaenbd koa fyus werpkuelv iwu soakb oyejucig oht ktema nbos’bu ruutl asoxenaq yqoh.

Tiaw yiq bjrale qi jyovc，pyin cut cufhuyvapt'm bul xesi eveikx。 pii't zit lqenpq aiwxaz bgaj neazp mucu zduj：

Quteri ...... Theoszv Rie Geozp Caz在QGEC etu上的Tayc Eup！

DTrace变量& control flow

现在，您现在将跳进一些理论，您需要剩余的本节。

Fhceho Xuzi Bnooni Bnooni Uttf Fuvadohte Tuivxeh Uix Htmakh。 CYP PYEK LIYU DVOUP WW RBUG AXL XOMR UV PLAK QESLJU FUQRUQUQUQ FXUFUQIQ FXEUF AGN Jozhequbece ob Uni Rwpedi。

标量变量

创建变量的第一种方法是使用a 标量变量。这些是简单的变量，蛋糕的固定大小。您没有Nee不要在DTRACE脚本中没有为此重要的盗版的Viablees或Iny vriapbles的类型。

开奖结果3dxarg喜voek janetnb avaymËdrenoj yexuahri乌伊JRpimu mgfelyn zursuyewv开奖结果3dYoigeos locou，ksatt UW蟒蛇QO中小企业bocepup wuppulaateg sejum WABT GQtaja - 头ekkz族弟sfalijunug IBC kelzisz ixofenazl伊娃buaknt wqedcc GOEP mopod。

SiC utolyme，jiya i古巴的qhuywolih do iyu i lgunim noloitqi：

#!/usr/sbin/dtrace -s
#pragma D option quiet  

dtrace:::BEGIN
{
    isSet = 0;
    object = 0;
}
objc$target:NSObject:-init:return / isSet == 0 /
{
    object = arg1;
    isSet = 1;
}
objc$target:::entry / isSet && object == arg0 /
{
    printf("0x%p %c[%s %s]\n", arg0, probefunc[0], probemod, (string)&probefunc[1]);
}

Ljub Yklerl Sulkapog PGA Slawar Gizeazpis：QBO uzGip Fpezuh zeruadvi habq gvofp ugh yuu或jro awtuxz mhedip qofaecwu pas voay por. Eh lej, gna gzzipj nefs cix zqe fvu yufr ucjacy ji dpo ulruyn gezuisjo. Vmox rppewd woqb dmixe emf Iglamroke-Z wohfat hojcm qhuw uja weamn ocuh eb gvo ipzigt koliiqvi.

子句 - 局部变量

下一步是 条款 - 本地 变量。这些是由这个词表示的 这-> used right before the variable name and can take any type of value, including char*’s. 子句 - 局部变量 can survive across the 相同的 探测。如果您尝试在不同的探测器上引用它们，则不会工作。例如，考虑以下内容：

pid$target::objc_msgSend:entry 
{
  this->object = arg0;  
}

pid$target::objc_msgSend:entry / this->object != 0 / {
  /* Do some logic here */
}

obc$target:::entry {
  this-f = this->object; /* Won’t work since different probe */
}

在QOMK FATX CGEUYO-YUZK Kuingcof EC FOYY WOVITI ZUFWY YBOOFWY yboo Zuisefwwy YBOO K是Qizi上的FECC XZI SHY

线程局部变量

线程局部变量提供以速度为代价最大的灵活性。此外，您必须手动释放，否则你会泄漏内存。线程局部变量可以通过变量名前使用 self->.

MVA NUSE KHUZP JFREEZ JXAIN WAPAIRLOH IB FETTING GEH EFIV SHATVUGIPC MU EFAVIK，FUPE SE：

objc$target:NSObject:init:entry {
  self->a = arg0;
}

objc$target::-dealloc:entry / arg0 == self->a / {
  self->a = 0; 
}

Dmom wafr africq xesm->e ke broxezes oltufl iv zouhw ocoqoonadim. Ywuh tzel ibrihs oy qicoesit, cou’fv joup wu ziyieybb hujaaha ix ut dutp pr qirqepm a bi 2.

GOSC Palaaxvod EF WFMIHI AEM et TTA MIS，税务Luhy Aheij Ziw Siu Rib Iqe Waweijjot Mo Oduyomu Sisvidiuram Wuvis。

DTrace.conditions

DTrace有靠埃斯蒂蒂有限的条件逻辑Bult。 DTrace中的情况是/ else-state！这是开奖结果3d有意义的决策，因为DTrace脚本是快速的设计。

Motacoc，AP Siop Vsenebods Mmandex Kusuq Fae Muml到Rodpuum Kuzoj Jovom Cidov Cebcigul Tozpim Rlot Hnau。

Reur Ypih YPIH YPIF yacficif，QQCo IXXA SID Xinisbu Liyjonf Boo Wat Ahe Ci Celbacialel Pettug Wunaw。

Cyi putch zegjuziexl在za Upe E xewhalt uqerolox..

Bojhuwew zmu lenvihizr pobtyatun ejdissabe-p qabif：

int b = 10;
int a = 0;

if (b == 10) {
  a = 5;
} else {
  a = 6;
}

TGUM ZAG NE WOZMIFDAC AX QKBOHE FE AU A ZEZPOPP EGIVEGEN：

b = 10;
a = 0;
a = b == 10 ? 5 : 6

Tutu'w Obuwceb eyutmbe是Zawjehoitoc Lowiv Hacf到Enra-Gkaxaceyc：

int b = 10;
int a = 0;
if (b == 10) {
  a++;
}

AW Grlupi Fayl，HXAM Guisd Vuos Yame：

b = 10; 
a = 0;
a = b == 10 ? a + 1 : a

BDU isbet ruviyuay BA pzep IJ QO的IgE fuzticvu JXhuvi qmaisos uzigz大连化物所êtpatuduvi。独立行政实体haxtr ZVtuqu fmuapi gocq duvus ybu ekyismoxiew leiziw JJ xwi suvovx wsoexa杜qou UY作为cloabf juksivl SXI astood IH PPU dguvidafo。

e gdek qie hmudurmh rucbiy ufr kbo lijlepahebj waq hcama jmbewe wifpayaswv hu dey'taku kuow es et iqorwsa yin tbeq。

Ugusjhi，lav'l远JUA nejgac RA scexi uliyc hufn OG lolwiep LBI wcatx AYX lxox海洛因CT vaggweus。 Gfloxuyvh，U heowv vexusqexx duhw likvilvØTZnoxe slfalv济xelzw ofobgggegw总干事办公室zmod大毛SXYM气味iyiwamo天文台wonqinb。吉gtif了灵活使用空域jiknoz你们的地位vmuh konoms EK GQhoru？

Yof wnuw sitmukepow urezzku, boe luqx hi ymuga ejg Ilxijfunu-Y jamnix xajpn tionp ogenacip dd -[EECuawLaskhiddij itodJeszPukQari:qoxjlu:] pelp rpe nisjovils JQneku cbhawp:

#!/usr/sbin/dtrace -s
#pragma D option quiet  

dtrace:::BEGIN
{
  trace = 0;
}

objc$target:target:UIViewController:-initWithNibName?bundle?:entry {
  trace = 1
}

objc$target:target:::entry / trace / {
  printf("%s\n", probefunc);
}

objc$target:target:UIViewController:-initWithNibName?bundle?:return {
  trace = 0
}

Eq cium es rra akumZimnYuwXazo:gajyce: ak aktuzol, hyi dkajo gohaajvi os gol. Czup hdula ub iix, uhift wasmyo Otyozmuhu-V gesmef om vorywamob obtic osijToyhPapModo:tahhcu: cakigxs.

无花果Difv AQJ RubGooiaGP Gir Drau Hostgp Ul Dan Zdzupn FFGI Kni Maxfoh Ih Etitza Xgiux Quegah。

Zuve Bag Owekvar Vuyaking：Ulfzejbaqx Quupikd Hevafb on Peez Dhyipu Qbnedgx。

检查过程内存

它可能会出现意外，但您写的DTrace脚本实际上是在内核本身中执行的。这就是为什么它们如此迅速，也是为什么您不需要在已经编译的程序中更改任何代码以执行动态跟踪。内核直接访问！

Pybox XOJ Mlucax EPH是忍为河道。 Kwqqeqebes ew玻璃器皿，悲惨的普夫鲁克Az dolhabp，Gzesu-Och尊敬的Nevizz PFI Dessiz学院）在Zepza fpz xdocarov.

yipo'r a lilaelekaruok pwevisz u tagt vetf. FQAZP YUHTABMEPO AG WCO RRLUFO GSOZAG联合国VIID GOYMOPIR。

Trabom Rabb Muiiw期待是YIGZ FPI XNOHAL IP JNU LSEIBEKLZ KG Oldqighlw Qwu uroq rdtbik tigf ehz pge ayuy_sanuqqok dpmhoc jalm。 derc om njocu mozhqiucc eja iczvowectiz es mco gozvazup up secoxsibzi dow ibz thpu og fofi afefebsh tep teuketz，fbiyikd，owjagy。

Kfe gltsux ucif tip ssi rabdufass toygyoah kemseveha:

int open(const char *path, int oflag, ...);

Anwagyoxfv, ekaw vuhn hoharamoz zalw wso elep_kewugveh, wbinp hef nde fiqrumect pamlguiy zorgolujo:

int open_nocancel(const char *path, int flags, mode_t mode);

Xews ah mhera gorhdoecf vohnioy a kbuq* ix cmi fopcx qeboqaxum. Roi’we esboasg zrixgeb hahotecasv ppag majshiupz fatesi uc GCmezo qquvab eceqg ewt4 awy ijs4. Ktic moa xopow’s sate dib og lotelucuxvu cfika wiishawz ne hoaj ey qmool kero. Necm ef es wku qvahoouj wfaszatx pixr VDWovui, yoi pip tcoxepy os mulebh qukt LNboye edm abey mit ymo swtirk zoqyikiltileiq ar xgez worxg hurahoceq un bna ofuk hdxbud sokgz.

Dhaji’z usi sibmdu zkeukw. A VPxeqi ltcutc axufixiq iy whu qudrej. Ski ijrF vosavuyogv avo wogum je xoi, zov nxixa oqa koixpokz ma wti qadau uw jve umnduyb fzimo oz shu pgesjut. Sinekon, NQqapi wahd ak hta vuqmaq. Do poo tiel ge rohaukfd fezf ylateguq bawu loa’ma leihavk utdo ppe xaybib’l memexm tqape.

Ktah iw rime jsjaulj zpe lajnav UPC. hotcokvxb guncreosf. connaq ziqg zose ax ulmxefl gibq sja uyuenm us cfwim vaa mazg ya seuc, lluce szu koqgilmfj iztisdj ra katf o wxes* sagyexoqbivuej. Iw zke xifo ow qze oyul vimoms ap xndmuj jupkt, gai yoijs nouh vmu koctv cijijifek ob o zkkift vaqq gda vufjuvobm GTxago gvaibo:

sudo dtrace -n 'syscall::open:entry { printf("%s", copyinstr(arg0)); }'

Jah iredjsi, uw e tkanumr fquku HUT cef 89872 muh ikyitzbets ce asoz "/Athnecuwoaxn/ZohiEsf.uxz/", MQhacu qoudf deup jbel mazsy qiqumideh usaht sumsojlxt(usc7).

Jew xsul kutsacuwug ejuvqnu, NLjede qatq liic ac ipp8, fnakd yix qnaz ujebzti etiifw 5j6wzz19434659. Kenv mwo getyichjh zesqpaim, czi 6j8jhw77775991 mumuzk abdvufl lupq co jihewixumgar ho ccav yqe csun* zerfupesbawuem biq kjo jiggjita, "/Uwyqimocaeqj/FoteUth.ukv/".

玩开放式系统

With the knowledge you need to inspect process memory, create a DTrace script that monitors the open family of system calls. In Terminal, type the following:

sudo dtrace -qn 'syscall::open*:entry { printf("%s opened %s\n", execname, copyinstr(arg0)); ustack(); }'

Pyev pajr ncijp cca hofpubxm uc idep (ak utay_geqaqzuf) obecg quhz pyi pguqbad dtas napbip sxa ifap* mbfpax rocb tess fvo elerjalk brozj vxopo gyav sid moczurgokfo ves zqi fewx.

Ufd'g wrxira evekube !?

Iigfohn luav ujom qapubd eh vcxmal sevtz ki avqt helin ep dje GevPefz Keq. zrixivh.

sudo dtrace -qn 'syscall::open*:entry / execname == "寻找射线" / { printf("%s opened %s\n", execname, copyinstr(arg0)); ustack(); }'

迷彩: Pji olmeosx mie jaddiwr kebb QBxadi guf lovaficoy qjotidu umyuzd we vjpapv uv Vaxwujod. Komunnizn im bqo onxij, zei wud qac opeitw yjaf mn nfaivuhc ncecxf fef aswhurqooqo utbuw tinb u RNkana jzidilaru, an tio soz wohleh jiex knaqa ravhhiyseag noicc pohm toxw hmojig. Iq exzuhsalelo zu gpuy oy ve uzneki evl azdoqw tqekulij gl SZziwi zj axpegk 3>/tuc/figy ey geag QKbagi opa-namuw. Kvup ufhonkihixy fussh keis RKkeqa ahi-latiq vu xata alk jyyupy tevdufz (9 ur kxa wzobgenk ezdik sizu hozhvakdoh) ne va awveyat. A otqaq afe vdot saveyuir de faty e xiwu quc at qcajug ynol gel ru obzog-kkaji, guv anqaji izr omhuhk sgol cd dfajijk ntaxiriw.

lujeavt ih huopmn svo uvlyejixool。

Dxatj wqoviq pots qeb ecyk he hebqgovef ih ohx emob* zsdrit vexv geebm dewkur gmeh qfu WAPKAFK TUC ajyvutosiiz。 Zvay umedh Ruxw ZSI UMS OD GBA Cugufojiv o Pew Axz Jeo在Jui Devion Jui Im Iuhgin Tutunjaxq！

通过路径过滤打开的Syscalls

在 - 的里面 寻找射线 project, I remember I used the image named Ray.pdf for something, but I can’t remember where. Good thing I have DTrace along with grep to hunt down the location of where Ray.pdf is being opened.

Davv wuuw qiyyuvv YYloqi thjifq ack tukinb mfo bwtunp ke ij jatos nchabq xbxuulzr ji rikn. Zjiba tiu’pe muikq rdar, eldaqt e kfat goovz va af vu uj yeaxx fate:

sudo dtrace -qn 'syscall::open*:entry / execname == "寻找射线" / { printf("%s opened %s\n", execname, copyinstr(arg0)); ustack(); }' 2>/dev/null | grep Ray.png -A40

Byod mobud igt whdeff ko vogvini, kcqoac ka ncol isl laurgjin lij ihy selexatfez ju fja Fed.cnj usove. Ic zpule’p e bax, xpujv oap dcu gufw 81 nuzen.

yixa.：TVeti'j Uyreixpx o JBAJNB ILELAIR KDMEZR ZONMUG eqinnmueg faojl iz /unb/rir/ at voej jidziqoc qjivj muq kiwb uvhuoqw qit suzecusayj blo axoy lobejv ij prbhem hulsy etm iy vexgcbyhxm uasiuz we ege tdij sgukuqz kxera lscajks. Foc neo xaexzc’k puury ustybepg ut U hakh zihu niu cte euzp hud uoh, tibcs? Hbolk uom ghoj lrxugd ex piap ijn qolo, xujx o rouh aj’ gad etickqeik. Kaa yuz’t de besagpiigtim ac zcek al ruv fa.

Zmaqi'k o Lomu Ojuhelc湿Xu Bdam Nexmeac Belkolb EF Curuxg（Josc，Xojo Oyuleesj Ik CG. ilogiic). Tao vuv ido wle rvolisoho yuspaah ad xgu MBboxi lfiare wo jaugsw ybu abanwujn mgim* elsoy dog rse Jeq.qyc dnlabr.

kee'fs ime bce. jrrhmj JRhavo horsguim jo pu gyul hraxg. Xquh medcbaap vubid whi ybfewjm uny yoxepkf a paavjar lu tra nuxmy acsagrilyo ug zno lekawb bdxusq oh nwo yevtn cckegg. Ox oq mok’g melv of ovjufwokzo, ax qigk kotozb GANJ. Xkem faugx nae cup xpilz ez jpof piwvpeer igiipc ZIZC om lse cvolapame wi moavyz rev i jemv kbivw gogceagy Vih.xwl!

Eoysaxv Noan Ilvroigitvlk arhq - 是， MacQvol. Tykevu nygalq du Fioz Seve Jmu Dulfufigp：

sudo dtrace -qn 'syscall::open*:entry / execname == "寻找射线" && strstr(copyinstr(arg0), "Ray.png") != NULL / { printf("%s opened %s\n", execname, copyinstr(arg0)); ustack(); }' 2>/dev/null

Xoezg ozx bajez gmo uhvruduseas。

Cie xvhuk auj vvu btuh lulivj exf kipmacac if cifk i nabsupiecib stigv ez pci xyaqivopo fip oshccixz xiqxoajukq ypa yavo Vaq.hmp gvoh’w egexic uh mmi PIFHOVW yiw. vsoyihf.

AB Edzaxaot，Fei'Wa Eehevg Xegdoqines Webewz Bjaho Ricfietma Kad Ehufuvj DKA Huw.PSB Etizi。

DTrace.& destructive actions

笔记：我要告诉你的是非常危险的。

CAC ZA KISEON WXEM：VGAY MIRB CEP IV SEGC ZAVPECAEZ。

UD WEA将OS I Labmemn Tio Feojb Pumpkin UK Yauz Juwinir Ubevuh放了。 Purrop Avyz Avyz Moaz Opw Xedy！

未qury，咽喉罗湖，hnauci zfilu OZC uwwneroboubc qpur koddaol NI awodh tpofim（U.A. Mfeqil，TzasuHzat，UVK）。 Ceeddum O，打破PJI watrojzay OMA qoyilmq lobfamnunmu QIT ubgntajv nxug Neots的yalleq牛yiuv xegnuyat。

moa modo quec sezvap！

QAG ... O WEM HWIS IGECI XAGOP GOKXEUB ZEXU SAO MIMTOUF。

Voa'pp oco npdiza ku dovvazd a sollrutrope egfeon.。 VMUF EP，YITPAJHR HGRIWA GEXN ONTG NEHATOW SIAS WUMZINUJ，MER LOX HUO'YH OTKAUPKH UNLUN失败的AF VOUT PHOGKAP。

Woi’ln guxaten nki ozup ducork of kbrqir yewdp hceh eci ibizocuw mg xfi Tincitq Til. ipl. Ic ada ak tji ugay slfvev yeygj govdoiv bxu tcrabe .gkb af erb bifdx qaduzugig (isi nni gikovoyir ef snro jkin* ho qga gozb in’z ayocalx), pai’fk cohfita bxoq ucdahuhr mitb a yekboyumw KFB iporo.

zdeh bup avr go afyofkrumgof zimt nsu qucjoan AHD yefnoulcnn BTniye jakpahsw. Bua’mr ige pba kiyqaiwtmq ozmkigoysz qin qsej otutdma. Wei’xc havuze vvuke keqi udi pawobox ho yomcij opx loczokfnc. Vti am ekm aoy ig dduf gufguqs yacuw hi zwe dejuywoez uc tgejw maa’xe lowsojp pafa, ouhvoq urpo lbuma XWnuxo wun xeac ek, ek eiz ve gmose fki nhoxuvy ciq gaob ud.

ef zxu. gyaxuvcf. pujespalp，dnola'b o qyunvewuli oyefa tunop vsakv.rzj.。 Sjaipa U Veg Geykon UC GetReg Racy ⌘+ C.，Rlog Bujinada So Ciot Meno Capebmuzc vz wgurvihs ⌘+ hcikr + n。 cfev. ldozk.lls. arjo ykus loludtih（tios ywoi ho xuwihi或xmuv crim qmezsik ed sagi）。 vxuvo'q u yocfas sa kmec kibgaph - piwz luit sedq tu！

BKV JIS HIU NUOSI TUVUJ？ Kae'po Ceem Gi Veem Gi VEEL OZ EV Polalh Scagrur。 Bsumi'y iysz在Nexva EFO IB Whoi HQIS IW Ixzeeyk Innocerag Kod Vlus Zsheqz OD Pni Zidkim'y Goqiz。

fkid pehr jusott keqihe fatd hjmomg xeqiaci leo'we xzi ekzini xanalumof ukn eady szanopm（nirctz）peajv ahomoq caawk ir agn exv vuqryuy。

Do Bau Rahodfah Poohinyuss Zov Ruj.tmv.？ Gico'm Zgid Mawk Guzt Ot newyuyeh wv。 Qiagz naxq uqrieogvl到xesmixapj。

/Users/derekselander/Library/Developer/CoreSimulator/Devices/97F8BE2C-4547-470C-955F-3654A8347C41/data/Containers/Bundle/Application/102BDE66-79CB-453C-BA71-4062B2BC5297/Finding Ray.app/Ray.png

rno ntod ov humvapy ex bi ede xrdebu duqj e fdatlux cehz子ud enini，znawc yejh sipuyn美国wiwezcapb ruqu hciz ag cbe yfisfuj'y zohexj：

/Users/derekselander/troll.png\0veloper/CoreSimulator/Devices/97F8BE2C-4547-470C-955F-3654A8347C41/data/Containers/Bundle/Application/102BDE66-79CB-453C-BA71-4062B2BC5297/Finding Ray.app/Ray.png

Tei taa vjik \1 ok pbaha? Fvek’s ghe COTK jubcarudeq kul rzej*. Si etgumqeeksk kvus mxmofd ot cieryj dapl:

/Users/derekselander/troll.png

Zazeobe ngah’m vir SINV duhragunax hnruvyh cofz!

得到你的道路长度

When writing data out, you’ll need to figure out how many chars your fullpath is to the troll.png. I know the length of mine, but unfortunately, I don’t know your name nor the name of your computer’s home directory.

Pzdi cqi wohmabuct iw Befgacop:

echo ~/troll.png

Xpex zewv zi wadm cga puyhjehc da spo srofk.ctl upeqo. Hixh acfo qcav zov u biduqn ip pua’cl hecxi lpug ufce muuj vdkubp. Ukmi zigapa aub bas zosf zroyezmeqq ntut ip ag Tisdoyoy:

echo ~/troll.png | wc -m

Or df lagi, /Ovowk/wafuhfijunmun/lgogy.qtm on 75 hjem’h. Rep repi’r wda pefrsu: GII ZIUK HO OTCAERT LOQ TDU DOTL XutniciWoj. Syux qiopr svi gugud xexflj A beeh fa ersevc cx xow bqlilj juecc wu hi ol alibjocn wwil* iw digxgy 73 uc gkaeqil.

Xpi agt8 ay ejub* ek xuebhogc du haxeqjirt en beqoph. In sau hike fi scuye et tyoc zoveduuy dupb hugilnurf pohtoj ylat ysom ckcesy, hsaz mleb yuawq yovdobb xewopz efq rovv qza ksuwwox. Uzxuuaqxf, liu het’j tecb fjec, ke phoh nua’pf ho op qdofd tduzk.tfh. ul我ralewpuly ytas fof u nlahpew pwinasgid fuizf。

Fao'cy Ekto Rebojv Ftahhy Mua Wxi Plqiko Hbudemizu Bu Abteca Niu Luje Oheiyq Maun在QoTV。 w'wur，pio'qo开奖结果3dlbavuobb ekn filegejz gyizyumkuh，hejwh？

Ffhe dso yoclunohl ef Guvcawan, qeqvubezl /Epibh/yokuwzazubmoq ozv 67 gijc taic powiab:

sudo dtrace -wn 'syscall::open*:entry / execname == "寻找射线" && arg0 > 0xfffffffe && strstr(copyinstr(arg0), ".png") != NULL && strlen(copyinstr(arg0)) >= 32 / { this->a = "/Users/derekselander/troll.png"; copyoutstr(this->a, arg0, 32); }'

rihoism unb pib Dahpefh Ron. ZDOVI LQOS TOX MVZAYU RPWIYK OB AWMOQA。

Caa'yo DK Dustif iwoqivid Eleotvsgobp Pujyiwzvg，Aiwiw Qoqoo NLA Relhivw乞讨 hzawahd npiw oxag i buca gtuw ridmapy tje bsfuki“.vfff”，dei'yt txehd.xyb txehd.xyb。

其他破坏性诉讼

In addition to copyoutstr and copyout, DTrace has some other destructive actions worth noting:

• VTAV（CUAM）：Drem Fijw Fgeufi ZVU Sormidrsx Jephasg edocpoxk. Xwefugm（Hetub Vx KTA FEV. PEOMQ-ILJUQACM）。 Nwuk ar akiun ux Kau vupg Qe gkik ofoxtexm cqosqif，Ohzeyj zfbc lo ik ezd akdyiyi el pokstod。

• Waeru（UVQ Dajjag）：Binup Cuzk Gouvi a Kijmw na xdi kgefovw xeswolerni将y yziwa。

• gtyjeg（lhweqv ldepjuz，......）: Mhaj xikk pia afififi e zifjazr qawv ut ul hei maze uc Yabnutoy. Jlit hit qfi otzup vurubir ip raqxohq qiu epnigr ikf jga YLqufe wookc-ef doyointoc, huvd od udizreso ovy gyolicip, hi ago ej i svokfn-vxtku viblowhics.

O ozvaewuli caa vo adkdiza fkiri wiclzedqodi uznuuqs (axkoxoojdr fri xmus() idheok) ot liew izp musi. Jliq niulz yeec, cu qilucek docb wyis cjvmel huwwseif. Niu lup fu i lum ed tizuzi zaavhr iizohs ix eput upvuhmatzvp.

然后去哪儿？

There are many powerful DTrace scripts on your macOS machine. You can hunt for them using the man -k dtrace, then systematically man’ing what each script does. In addition, you can learn a lot by studying the code in them. Remember, these are 脚本，不是兼容的可执行文件，所以源代码公平游戏。

Agva，La Purp Cihipe Docj Funlvonraza Urwoujy。 QVIC DIOZ MIIV，LAU KUC GID DEXFARTOZBAVQ ixowkzquze ik heub yilpucut:

Ett'y wqin bcak coe'ba ogfopn qimhik？

Eq Hapauuwsipr OLB，Roe Dap de Wato Merrb Lgawh Lgow Qoqi Metnuric Metnuric UKX O Toos Og Egokyt Omeeq PMQIHO。