
Debugging using system calls in Mac OS X - bryceneal
http://bryce.is/writing/code/macosx/debugging/udp/sockets/dtruss/dtrace/eaddrinuse/2016/07/30/debugging-using-system-calls.html
======
danieldk
One thing that the article does not mention is that dtruss is also just a
DTrace script (well, a DTrace script in a shell script ;)). DTrace comes with
some other nice scripts (iosnoop, execsnoop, opensnoop, etc.)[1].

But you need to disable some portion of the system integrity protection:

[http://stackoverflow.com/a/34616033](http://stackoverflow.com/a/34616033)

[1] [http://dtrace.org/blogs/brendan/2011/10/10/top-10-dtrace-scr...](http://dtrace.org/blogs/brendan/2011/10/10/top-10-dtrace-scripts-for-mac-os-x/)

------
chmaynard
I love articles about expert sleuthing, especially when it involves low-level
code. I hope the author shares his discovery with the Go engineering and
documentation teams, perhaps via bug reports.

~~~
kangman
If you're into that, there's a whole conference on dtrace you should check out
called dtrace.conf.

------
0x0
Meanwhile, if you try to run the system lldb on the system ruby interpreter on
OSX, you get this:

      % lldb ruby
      (lldb) target create "ruby"
      Current executable set to 'ruby' (x86_64).
      (lldb) run
      error: process exited with status -1 
      (cannot attach to process due to System Integrity Protection)

~~~
GuiA
Reboot in safe mode (⌘+R immediately after booting), open a terminal, run:

      csrutil disable
    

Reboot.

      -> % lldb ruby 
      (lldb) target create "ruby"
      Current executable set to 'ruby' (x86_64).
      (lldb) run
      Process 436 launched: '/usr/bin/ruby' (x86_64)
    

I for one am glad that it's now much harder to scam my grandparents.

~~~
0x0
That disables a lot of useful protections, seems overkill just to be able to
trace a ruby script :-/

~~~
ptomato
You can also disable just the relevant bits - `csrutil enable --without debug`
would probably do the trick here.

------
mkagenius
Great tools, I should try to use them.

In this case, could it have been done by lsof?

------
callesgg
"UDP connections"? UDP is connectionless.

~~~
thwarted
It is possible to have a "connected UDP socket". It is one that is already set
up with a remote endpoint.

 _if you connect() a SOCK_DGRAM UDP socket to a remote host, you can use
send() and recv() as well as sendto() and recvfrom(). If you want._

[http://beej.us/guide/bgnet/output/html/multipage/connectman....](http://beej.us/guide/bgnet/output/html/multipage/connectman.html)
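
A loopback demonstration of the connected UDP socket described in the comment above, as an added example that is not part of the thread or the linked article. Go is used because the article concerns Go; the function name, the `must` helper and the payloads are constructed for illustration. It also shows a side effect worth knowing: once connected, the socket only receives datagrams from its peer.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

func must[T any](v T, err error) T { // demo helper (hypothetical): abort on errors
	if err != nil {
		panic(err)
	}
	return v
}

// connectedUDPDemo returns the reply read by a connected UDP client and
// whether a datagram from a socket other than its peer was delivered to it.
func connectedUDPDemo() (reply string, strayDelivered bool) {
	loop := &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1)} // port 0: kernel picks one
	server := must(net.ListenUDP("udp4", loop))
	defer server.Close()
	stranger := must(net.ListenUDP("udp4", loop)) // unrelated third socket
	defer stranger.Close()
	// DialUDP connect()s the SOCK_DGRAM socket to a single remote endpoint.
	client := must(net.DialUDP("udp4", nil, server.LocalAddr().(*net.UDPAddr)))
	defer client.Close()

	buf := make([]byte, 64)
	must(client.Write([]byte("ping"))) // send(): no destination argument needed
	server.SetReadDeadline(time.Now().Add(2 * time.Second))
	_, from, err := server.ReadFromUDP(buf) // unconnected side uses recvfrom()
	if err != nil {
		panic(err)
	}
	must(server.WriteToUDP([]byte("pong"), from)) // constructed payloads
	must(stranger.WriteToUDP([]byte("stray"), client.LocalAddr().(*net.UDPAddr)))

	client.SetReadDeadline(time.Now().Add(2 * time.Second))
	n := must(client.Read(buf)) // recv(): the peer is implied
	// A second read succeeds only if the stranger's datagram got through.
	client.SetReadDeadline(time.Now().Add(300 * time.Millisecond))
	_, err = client.Read(buf)
	return string(buf[:n]), err == nil
}

func main() { fmt.Println(connectedUDPDemo()) }
```
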

------
cheez
I often wonder why I don't come across bugs like this but then I think to
myself "I'd never write code that closes a socket until all writes and reads
are done."

So the question is: how do you do that in Go?

