2019-03-12 04:37:32 +00:00
|
|
|
|
# opensnoop
|
|
|
|
|
|
|
2021-08-02 09:41:09 +01:00
|
|
|
|
> 跟踪系统中打开的文件标识符。
|
2019-03-12 04:37:32 +00:00
|
|
|
|
|
2021-08-02 09:41:09 +01:00
|
|
|
|
- 输出当前系统内被打开的所有文件:
|
2019-03-12 04:37:32 +00:00
|
|
|
|
|
|
|
|
|
|
`sudo opensnoop`
|
|
|
|
|
|
|
2021-08-02 09:41:09 +01:00
|
|
|
|
- 跟踪给定进程名,打开的所有文件:
|
2019-03-12 04:37:32 +00:00
|
|
|
|
|
|
|
|
|
|
`sudo opensnoop -n {{进程名}}`
|
|
|
|
|
|
|
2021-08-02 09:41:09 +01:00
|
|
|
|
- 跟踪给定 PID(进程号),打开的所有文件:
|
2019-03-12 04:37:32 +00:00
|
|
|
|
|
2019-10-20 03:34:33 +01:00
|
|
|
|
`sudo opensnoop -p {{PID 进程号}}`
|
2019-03-12 04:37:32 +00:00
|
|
|
|
|
2021-08-02 09:41:09 +01:00
|
|
|
|
- 跟踪打开了指定文件的继承:
|
2019-03-12 04:37:32 +00:00
|
|
|
|
|
2019-10-20 03:34:33 +01:00
|
|
|
|
`sudo opensnoop -f {{路径 / 文件}}`
|
