Demonstrations of killsnoop, the Linux eBPF/bcc version.


This traces signals sent via the kill() syscall. For example:

# ./killsnoop
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0

The first line showed a SIGKILL (9) sent from PID 13967 (a bash shell) to
PID 13885. The result, 0, means success.

The second line showed the same signal sent, this time resulting in a -3
(ESRCH: no such process).
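
An added example, not part of the bcc project's own code: a small Python
parser for the output format shown above. It decodes the SIG column to a signal
name and a negative RESULT to its errno name, for reviewing saved killsnoop
output. The sample text and the function names are constructed for illustration.

```python
import errno
import signal

# Constructed sample: the three rows shown above, as killsnoop prints them.
SAMPLE = """\
TIME      PID    COMM             SIG  TPID   RESULT
12:10:51  13967  bash             9    13885  0
12:11:34  13967  bash             9    1024   -3
12:11:41  815    systemd-udevd    15   14076  0
"""

def parse_killsnoop(text):
    """Yield one dict per data row, with signal and errno decoded."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines and the header row.
        if len(fields) < 6 or fields[0] == "TIME":
            continue
        # A process name (COMM) can contain spaces, so take the numeric
        # columns from both ends and treat whatever is left as COMM.
        try:
            pid = int(fields[1])
            sig, tpid, result = (int(f) for f in fields[-3:])
        except ValueError:
            continue  # not a data row
        try:
            signame = signal.Signals(sig).name
        except ValueError:
            signame = str(sig)  # signal 0 (existence probe) or unknown number
        if result == 0:
            outcome = "ok"
        else:
            # killsnoop prints the negated errno, e.g. -3 for ESRCH.
            outcome = errno.errorcode.get(-result, "errno %d" % -result)
        yield {"time": fields[0], "pid": pid, "comm": " ".join(fields[2:-3]),
               "sig": signame, "tpid": tpid, "outcome": outcome}

def failed(rows):
    """Rows whose kill() returned an error (what the -x option shows live)."""
    return [r for r in rows if r["outcome"] != "ok"]

if __name__ == "__main__":
    for r in parse_killsnoop(SAMPLE):
        print("{time} {comm}({pid}) -> {tpid}: {sig} [{outcome}]".format(**r))
```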


USAGE message:

# ./killsnoop -h
usage: killsnoop [-h] [-x] [-p PID]

Trace signals issued by the kill() syscall

optional arguments:
  -h, --help         show this help message and exit
  -x, --failed       only show failed kill syscalls
  -p PID, --pid PID  trace this PID only

examples:
    ./killsnoop           # trace all kill() signals
    ./killsnoop -x        # only show failed kills
    ./killsnoop -p 181    # only trace PID 181