procexp threads on macOS Sierra


Post by alcroito » Thu Nov 30, 2017 12:22 pm

Hi,

It seems that getting symbolicated thread stacktraces does not work anymore on macOS Sierra 10.12.5. I have SIP disabled.

Here's a paste of what I get when listing the threads for iTerm2 under sudo:


Code:
sudo procexp 415 threads
   PID : 415 (415), comm: iTerm2 Flags: Foreground, Boosted, Live Donor, Donor, WQ Flags avail
   Size: 1330M Max Res: 2283M
   IOStats: Disk Reads: 3481233 reads (879379121152 bytes), 3341959 writes (839154851840 bytes)


      TID: 3086 State: Running  PRI: 34/47 Flags: on core
      CPU Times: User: 31087.084378 secs, System: 2339.369821 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)

ARRAY OF TYPE 914 - Unhandled (yet)
ARRAY OF TYPE 914 - Unhandled (yet)
ARRAY OF TYPE 914 - Unhandled (yet)

      IOStats: Disk Reads: 3107 reads (238605312 bytes), 3 writes (40960 bytes)



      TID: 3825 State: Waiting  PRI: 31/31 Flags: 0x1
      Continuation: 0xffffff8000787b50 (no kernel stack)
      CPU Times: User: 202.071868 secs, System: 347.540002 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)

      IOStats: Disk Reads: 12 reads (2408448 bytes), 0 writes (0 bytes)



      TID: 3826 State: Waiting  PRI: 31/31 Flags: 0x1
      Continuation: 0xffffff80002d08d0 (no kernel stack)
      CPU Times: User: 6.028350 secs, System: 4.054839 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)

      IOStats: Disk Reads: 13 reads (3403776 bytes), 0 writes (0 bytes)



      TID: 3934 State: Waiting  PRI: 31/31 Flags: 0x1
      Continuation: 0xffffff800030f410 (no kernel stack)
      CPU Times: User: 392.887623 secs, System: 822.370348 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 6207 State: Waiting  PRI: 47/47 Flags: 0x1
      Continuation: 0xffffff80002d08d0 (no kernel stack)
      Thread Name: com.apple.NSEventThread
      CPU Times: User: 46.634902 secs, System: 74.231773 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)

      IOStats: Disk Reads: 2 reads (36864 bytes), 0 writes (0 bytes)



      TID: 25102578 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 1.294362 secs, System: 0.267122 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)

      IOStats: Disk Reads: 2 reads (8192 bytes), 532 writes (138412032 bytes)



      TID: 25102579 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.797650 secs, System: 0.026612 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106078 State: Waiting  PRI: 37/37 Flags: 0x1
      Continuation: 0xffffff80002d08d0 (no kernel stack)
      CPU Times: User: 0.182356 secs, System: 0.007580 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106080 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.220915 secs, System: 0.008093 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106202 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.113927 secs, System: 0.005444 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106210 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.169021 secs, System: 0.006943 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106211 State: Running  PRI: 4/4 Flags: DarwinBG
      Continuation: 0xffffff800030b5e0 (no kernel stack)
      CPU Times: User: 0.584912 secs, System: 0.797367 secs
ARRAY OF TYPE 916 - Unhandled (yet)

      IOStats: Disk Reads: 1107 reads (277237760 bytes), 520 writes (131072000 bytes)



      TID: 25106280 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.181631 secs, System: 0.005605 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106282 State: Waiting  PRI: 37/37 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.122148 secs, System: 0.003795 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)



      TID: 25106283 State: Waiting  PRI: 47/47 Flags: Idle Worker
      Continuation: 0xffffff7f81015b56 (no kernel stack)
      CPU Times: User: 0.137224 secs, System: 0.003988 secs
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)
ARRAY OF TYPE 916 - Unhandled (yet)


And core dumps don't seem to work either? I can create a separate forum thread for that if needed.

Code:

sudo procexp 415 core
Warning: More than 4096 regions detected!
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
GETTING STATE 7/44
GOT 0
X86
Full core dumped to /tmp/core.415


lldb /Applications/iTerm.app/Contents/MacOS/iTerm2 -c /tmp/core.415
(lldb) target create "/Applications/iTerm.app/Contents/MacOS/iTerm2" --core "/tmp/core.415"
error: Unable to find process plug-in for core file '/tmp/core.415


On an unrelated note, by default the UI seems to update on each arrow navigation, which makes it a bit difficult to get to the process you want, but I guess that's what's mentioned in the man page.

Thanks for the tool!
alcroito
 

Re: procexp threads on macOS Sierra

Post by morpheus » Thu Nov 30, 2017 6:26 pm

Yeah, AAPL changed stack_snapshot_with_config on me.. again.. I'm on it. And I'll look into a "freeze UI" option before navigation..

Thanks for using the tool and letting me know!
morpheus
Site Admin
 