.TH whatexec.d 1m "$Date: 2015/09/30 22:01:09 $" "USER COMMANDS" .SH NAME whatexec.d \- Examine the type of files exec'd. Uses DTrace. .SH SYNOPSIS .B whatexec.d .SH DESCRIPTION This prints the first four chacacters of files that are executed. This traces the kernel function findexec_by_hdr(), which checks for a known magic number in the file's header. The idea came from a demo I heard about from the UK, where a "blue screen of death" was displayed for "MZ" files (although I haven't seen the script or the demo). Since this uses DTrace, only the root user or users with the dtrace_kernel privilege can run this command. .SH OS Solaris .SH STABILITY unstable - this script uses fbt provider probes which may change for future updates of the OS, invalidating this script. Please read Docs/Notes/ALLfbt_notes.txt for further details about these fbt scripts. .SH EXAMPLES .TP Trace execs as they occur, # .B whatexec.d .PP .SH FIELDS .TP PEXEC parent command name .TP EXEC pathname to file exec'd .TP OK is type runnable, Y/N .TP TYPE first four characters from file .PP .SH DOCUMENTATION See the DTraceToolkit for further documentation under the Docs directory. The DTraceToolkit docs may include full worked examples with verbose descriptions explaining the output. .SH EXIT whatexec.d will trace until Ctrl\-C is hit. .SH AUTHOR Brendan Gregg [Sydney, Australia] .SH SEE ALSO dtrace(1M)