
Mork

macrumors 6502a
Original poster
Jan 9, 2009
Is there a utility that will monitor everything a program does?

For example, if you start a program and it creates a temp file and writes something to it, connects to a remote server, etc., I'd like to see those events. I'd like to know the path to the temp file and really get a dump on everything that program does.

Not sure anything like this quite exists or if it does, I've never heard about it.

Thanks in advance,

m
 
Well, it isn't some shiny GUI application for permanent background monitoring, but whenever you're after this kind of information, DTrace is your friend. Check out the man page of the command line tool dtrace as well as some additional resources, especially those from Brendan Gregg.
http://www.brendangregg.com/dtrace.html
http://www.brendangregg.com/dtracetoolkit.html
or many others; a few examples with some simple descriptions:
https://opensourcehacker.com/2011/1...-applications-what-they-do-and-why-they-hang/
https://blog.8thlight.com/colin-jones/2015/11/06/dtrace-even-better-than-strace-for-osx.html
In your case you'd be looking for syscall information: open*, write*, close*, connect* and a few others.

There's also a GUI tool for DTrace included in Xcode. It's called Instruments.

Note that SIP may prevent you from attaching to processes of some programs. In that case you'll get a message like:
"dtrace: failed to grab pid NNN: the current security restriction (rootless enabled) prevent dtrace from attaching to an executable not signed with the [com.apple.security.get-task-allow] entitlement"
 
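An added example, not part of the thread or of the linked toolkits: a shell wrapper around a small D program that logs the open*, write*, close* and connect* syscalls named in the reply for a single process, including the path of each file it opens. The function names `d_program` and `trace_target` are made up for this illustration; the probe names are macOS syscall provider names, and `-Z` lets dtrace skip any that a given OS version lacks.

```shell
#!/bin/sh
# Added example (not from the thread): trace one process's file and
# network syscalls with DTrace. Function names here are illustrative.

# Print the D program. $target is filled in by dtrace -p PID / -c CMD.
d_program() {
cat <<'EOF'
/* Save the path pointer at entry and read the string at return: at entry
   the user page may not be mapped in yet (opensnoop does the same). */
syscall::open:entry, syscall::open_nocancel:entry
/pid == $target/ { self->pathp = arg0; }

/* openat(dirfd, path, ...) carries the path in its second argument. */
syscall::openat:entry, syscall::openat_nocancel:entry
/pid == $target/ { self->pathp = arg1; }

syscall::open*:return
/self->pathp/
{
    printf("%-8s fd=%d errno=%d %s\n", probefunc, (int)arg0, errno,
        copyinstr(self->pathp));
    self->pathp = 0;
}

syscall::write:entry, syscall::write_nocancel:entry
/pid == $target/ { printf("%-8s fd=%d bytes=%d\n", probefunc, (int)arg0, (int)arg2); }

syscall::connect:entry, syscall::connect_nocancel:entry,
syscall::close:entry, syscall::close_nocancel:entry
/pid == $target/ { printf("%-8s fd=%d\n", probefunc, (int)arg0); }
EOF
}

# Usage: trace_target -p PID    or    trace_target -c '/path/to/program'
# With sudo, -c starts the program as root; prefer -p for a running process.
trace_target() {
    script=$(mktemp "${TMPDIR:-/tmp}/trace.XXXXXX") || return 1
    d_program > "$script"
    # -q: print only our printf output; -Z: tolerate unmatched probe names.
    sudo dtrace -q -Z -s "$script" "$@"
    status=$?
    rm -f "$script"
    return "$status"
}

if [ "$#" -gt 0 ]; then trace_target "$@"; fi
```

Match the `fd=` value on an `open` line against later `write` and `close` lines to see which file each write went to.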