STAPPROBES.KPROCESS

NAME

DESCRIPTION

This family of probe points is used to probe the kernel's process activities. It contains the following probe points:

kprocess.create

Fires whenever a new process is successfully created, either as a result of one of the fork syscall variants, or a new kernel thread.

Arguments:

task
  a handle to the newly created process

new_pid
  pid of the newly created process

kprocess.start

Fires immediately before a new process begins execution.

Arguments:

N/A

kprocess.exec

Fires whenever a process attempts to exec to a new program

Arguments:

filename
  the path to the new executable

kprocess.exec_complete

Fires at the completion of an exec call

Arguments:

errno
  the error number resulting from the exec

success
  a boolean indicating whether the exec was successful

kprocess.exit

Fires when a process terminates. This will always be followed by a kprocess.release, though the latter may be delayed if the process waits in a zombie state.

Arguments:

code
  the exit code of the process

kprocess.release

Fires when a process is released from the kernel. This always follows a kprocess.exit, though it may be delayed somewhat if the process waits in a zombie state.

Arguments:

task
  a task handle to the process being released

pid
  pid of the process being released

SEE ALSO