Diffstat (limited to 'Examples/lastwords_example.txt')
-rw-r--r-- Examples/lastwords_example.txt 81
1 files changed, 81 insertions, 0 deletions
diff --git a/Examples/lastwords_example.txt b/Examples/lastwords_example.txt
new file mode 100644
index 000000000000..5452d2e36f25
--- /dev/null
+++ b/Examples/lastwords_example.txt
@@ -0,0 +1,81 @@
+The following is a demonstration of the lastwords command,
+
+
+Here we run lastwords to catch syscalls from processes named "bash" as they
+exit,
+
+ # ./lastwords bash
+ Tracing... Waiting for bash to exit...
+ 1091567219163679 1861 bash sigaction 0 0
+ 1091567219177487 1861 bash sigaction 0 0
+ 1091567219189692 1861 bash sigaction 0 0
+ 1091567219202085 1861 bash sigaction 0 0
+ 1091567219214553 1861 bash sigaction 0 0
+ 1091567219226690 1861 bash sigaction 0 0
+ 1091567219238786 1861 bash sigaction 0 0
+ 1091567219251697 1861 bash sigaction 0 0
+ 1091567219265770 1861 bash sigaction 0 0
+ 1091567219294110 1861 bash gtime 42a7c194 0
+ 1091567219428305 1861 bash write 5 0
+ 1091567219451138 1861 bash setcontext 0 0
+ 1091567219473911 1861 bash sigaction 0 0
+ 1091567219516487 1861 bash stat64 0 0
+ 1091567219547973 1861 bash open64 4 0
+ 1091567219638345 1861 bash write 5 0
+ 1091567219658886 1861 bash close 0 0
+ 1091567219689094 1861 bash open64 4 0
+ 1091567219704301 1861 bash fstat64 0 0
+ 1091567219731796 1861 bash read 2fe 0
+ 1091567219745541 1861 bash close 0 0
+ 1091567219768536 1861 bash lwp_sigmask ffbffeff 0
+ 1091567219787494 1861 bash ioctl 0 0
+ 1091567219801338 1861 bash setpgrp 6a3 0
+ 1091567219814067 1861 bash ioctl 0 0
+ 1091567219825791 1861 bash lwp_sigmask ffbffeff 0
+ 1091567219847778 1861 bash setpgrp 0 0
+ TIME PID EXEC SYSCALL RETURN ERR
+
+In another window, a bash shell was executed and then exited normally. The
+last few system calls that the bash shell made can be seen above.
+
+
+
+
+In the following example we moniter the exit of bash shells again, but this
+time the bash shell sends itself a "kill -8",
+
+ # ./lastwords bash
+ Tracing... Waiting for bash to exit...
+ 1091650185555391 1865 bash sigaction 0 0
+ 1091650185567963 1865 bash sigaction 0 0
+ 1091650185580316 1865 bash sigaction 0 0
+ 1091650185592381 1865 bash sigaction 0 0
+ 1091650185605046 1865 bash sigaction 0 0
+ 1091650185618451 1865 bash sigaction 0 0
+ 1091650185647663 1865 bash gtime 42a7c1e7 0
+ 1091650185794626 1865 bash kill 0 0
+ 1091650185836941 1865 bash lwp_sigmask ffbffeff 0
+ 1091650185884145 1865 bash stat64 0 0
+ 1091650185916135 1865 bash open64 4 0
+ 1091650186005673 1865 bash write b 0
+ 1091650186025782 1865 bash close 0 0
+ 1091650186052002 1865 bash open64 4 0
+ 1091650186067538 1865 bash fstat64 0 0
+ 1091650186094289 1865 bash read 309 0
+ 1091650186108086 1865 bash close 0 0
+ 1091650186129965 1865 bash lwp_sigmask ffbffeff 0
+ 1091650186149092 1865 bash ioctl 0 0
+ 1091650186162614 1865 bash setpgrp 6a3 0
+ 1091650186175457 1865 bash ioctl 0 0
+ 1091650186187206 1865 bash lwp_sigmask ffbffeff 0
+ 1091650186209514 1865 bash setpgrp 0 0
+ 1091650186225307 1865 bash sigaction 0 0
+ 1091650186238832 1865 bash getpid 749 0
+ 1091650186260149 1865 bash kill 0 0
+ 1091650186277925 1865 bash setcontext 0 0
+ TIME PID EXEC SYSCALL RETURN ERR
+
+The last few system calls are different, we can see the kill system call
+before bash exits.
+
+
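Review bot: The column header line "TIME PID EXEC SYSCALL RETURN ERR" is printed after the trace rows in both sample outputs, and the text neither says so nor defines the columns; add a sentence before the first listing noting that the header comes last, and state the unit of TIME and that RETURN is hexadecimal without a 0x prefix (getpid returns 749 for PID 1865; read returns 2fe and 309). The closing remark of the second example should also say that kill appears twice in that trace and that setcontext, not kill, is the last call shown. "moniter" in the second introduction should be "monitor", the opening sentence ends in a comma with nothing following it, and the file ends with two empty added lines that can be dropped.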