/*
* whatexec.d - Examine the type of files exec'd.
* Written using DTrace (Solaris 10 3/05)
*
* This prints the first four chacacters of files that are executed.
* This traces the kernel function findexec_by_hdr(), which checks for
* a known magic number in the file's header.
*
* The idea came from a demo I heard about from the UK, where a
* "blue screen of death" was displayed for "MZ" files (although I
* haven't seen the script or the demo).
*
* $Id: whatexec.d 3 2007-08-01 10:50:08Z brendan $
*
* USAGE: whatexec.d (early release, check for updates)
*
* FIELDS:
* PEXEC parent command name
* EXEC pathname to file exec'd
* OK is type runnable, Y/N
* TYPE first four characters from file
*
* COPYRIGHT: Copyright (c) 2006 Brendan Gregg.
*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* See the License for the specific language governing permissions
* and limitations under the License.
*
* CDDL HEADER END
*
* 11-Feb-2006 Brendan Gregg Created this.
* 25-Apr-2006 " " Last update.
*/
{
}
{
}
{
}
fbt::findexec_by_hdr:return
{
}
{
}