[dtrace-discuss] process snoop (shellsnoop for arbitrary application)
Alan Coopersmith
Alan.Coopersmith at Sun.COM
Mon Mar 24 19:52:12 PDT 2008
Salman Jamali wrote:
> Thanks. I read about X11, and i understand that i'll need to observe the keyPress events, and fetch the keys and associate them with the process that has the keyboard focus.
>
> I have two issues.
>
> 1- I am using the latest Solaris Express Developer Edition 01/08, and I believe it to have all the probes available for Xserver. Running # dtrace -l -n 'Xserver*:::', returns me this:
>
> ID PROVIDER MODULE FUNCTION NAME
> 4 Xserver621 Xorg CloseDownClient client-disconnect
> 5 Xserver621 Xorg Dispatch request-done
> 6 Xserver621 Xorg Dispatch request-start
> 7 Xserver621 Xorg AddResource resource-alloc
> 8 Xserver621 Xorg FreeClientResources resource-free
> 9 Xserver621 Xorg FreeClientNeverRetainResources resource-free
> 10 Xserver621 Xorg FreeResourceByType resource-free
> 11 Xserver621 Xorg FreeResource resource-free
> 12 Xserver621 Xorg WriteEventsToClient send-event
>
> Now, there are a few probes missing here including client-auth for ClientAuthorized. Are these deprecated, or is my system missing them?
There's a bug in Nevada which has caused some of the probes to not be built
into Xorg - unfortunately, I've not had time to try to figure out where in
the compiler/linker/dtrace chain the probe is being lost.
> Secondly, I am trying to understand the xEvent structure to retrieve the key that is pressed. But my approach is more of a trial and error and adhoc. Is there any way to understand xEvent structure and other code more clearly to get to know more about each field, beside the data structures only?
The xEvent structure is defined in the X11 Protocol. You might also find some
description in the old O'Reilly X programming manuals, if you can still find a set.
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
More information about the dtrace-discuss
mailing list