Is there any good way to access structure in user-land?


I want to use DTrace to get the value of a member in a structure in user-land, not the kernel.

The C code looks like this:

typedef struct
{
     int a;
}st_A;

void fun1(st_A *p)
{
    ......
}

The DTrace script looks like this:

#!/usr/sbin/dtrace -qs

pid$1::fun1:entry
{
    printf("%d\n", *(int*)copyin(arg0, 4));
}

Personally, I think this DTrace script is very clumsy. If the structure contains many members, I need to calculate the offset of every member. If the structure contains a pointer array, the situation is awful!

So, is there any easy and graceful way to access members in a structure in a user-land process? Thanks very much!

Best answer:

The more usual way to do this on Solaris is

typedef struct {
    int a;
} st_A;

pid$1::fun1:entry
{
    self->kp = (st_A *)copyin(arg0, sizeof (st_A));
    printf("a = %d\n", self->kp->a);
}

but you're right: if you want to follow pointers within your structure then you will have to repeat the copyin() for each dereference.

Remember that you can #include a header file if you invoke dtrace(1) with the -C option. In any case, use -32 or -64 to indicate the data model of your victim process: by default, dtrace(1) will interpret any types you specify using the data model of the running kernel.

I think that illumos's DTrace performs automatic copying-in but I haven't looked at it. I don't know about other implementations.
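The repeated copyin() per dereference described in the answer, as an added example that is not part of the original post. The structure st_B, its members, and the function fun2 are hypothetical; run it with `dtrace -q -s script.d <pid>` plus the -32 or -64 option matching the traced process.

```dtrace
/* Added example. st_B, its members and fun2() are assumed names, */
/* not taken from the question's program.                         */

typedef struct {
    int a;
} st_A;

typedef struct {
    int   id;
    st_A *inner;   /* user-space address, may be NULL */
    char *name;    /* user-space NUL-terminated string, may be NULL */
} st_B;

/* Clause 1: copy in the outer structure only. The pointer members  */
/* hold user addresses, so they are saved as integers and never     */
/* dereferenced directly. Clause-local (this->) values carry over   */
/* to later clauses of the same probe firing; the scratch buffer    */
/* returned by copyin() does not, so scalars are saved here.        */
pid$1::fun2:entry
{
    this->outer      = (st_B *)copyin(arg0, sizeof (st_B));
    this->id         = this->outer->id;
    this->inner_addr = (uintptr_t)this->outer->inner;
    this->name_addr  = (uintptr_t)this->outer->name;
    printf("id = %d\n", this->id);
}

/* Clause 2: one more copyin() for the nested structure, guarded so */
/* a NULL pointer does not raise an invalid-address error.          */
pid$1::fun2:entry
/this->inner_addr != 0/
{
    this->inner = (st_A *)copyin(this->inner_addr, sizeof (st_A));
    printf("inner->a = %d\n", this->inner->a);
}

/* Clause 3: strings are copied with copyinstr(), which reads up to */
/* the terminating NUL (bounded by the strsize option).             */
pid$1::fun2:entry
/this->name_addr != 0/
{
    printf("name = %s\n", copyinstr(this->name_addr));
}
```

The typedefs can be replaced by a #include of the program's own header when dtrace(1) is run with -C, as the answer notes.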