dtruss interrotto in 10.13.x?

dtruss ha funzionato alla grande in 10.12.x (dopo csrutil disable ), ma in 10.13 ho notato che non funziona più. Per sudo dtruss ls riceviamo solo output come:

SYSCALL(args)        = return

Qualche notizia su cosa sta succedendo qui e su come ottenere il nostro necessario accesso a questa parte?

Solo per chiarezza, il 10.12.6 offre risultati molto migliori:

$ sudo dtruss ls
SYSCALL(args)        = return
open("/dev/dtracehelper
hostname:test root# dtruss ls
testing     testing1    testing2    testing3    testing4    testing5
SYSCALL(args)        = return

hostname:test root#
", 0x2, 0x7FFF5D851A20)         = 3 0
ioctl(0x3, 0x80086804, 0x7FFF5D8519A8)       = 0 0
close(0x3)       = 0 0
thread_selfid(0x3, 0x80086804, 0x7FFF5D8519A8)       = 13508 0
bsdthread_register(0x7FFFB4F6C080, 0x7FFFB4F6C070, 0x2000)       = 1073741919 0
ulock_wake(0x1, 0x7FFF5D85106C, 0x0)         = -1 Err#2
issetugid(0x1, 0x7FFF5D85106C, 0x0)      = 0 0
mprotect(0x1023B9000, 0x88, 0x1)         = 0 0
mprotect(0x1023BB000, 0x1000, 0x0)       = 0 0
mprotect(0x1023D1000, 0x1000, 0x0)       = 0 0
mprotect(0x1023D2000, 0x1000, 0x0)       = 0 0
mprotect(0x1023E8000, 0x1000, 0x0)       = 0 0
mprotect(0x1023E9000, 0x1000, 0x1)       = 0 0
mprotect(0x1023B9000, 0x88, 0x3)         = 0 0
mprotect(0x1023B9000, 0x88, 0x1)         = 0 0
getpid(0x1023B9000, 0x88, 0x1)       = 2137 0
stat64("/AppleInternal/XBS/.isChrooted
SYSCALL(args)        = return
", 0x7FFF5D850F28, 0x1)      = -1 Err#2
stat64("/AppleInternal
$ sudo dtruss ls
SYSCALL(args)        = return
open("/dev/dtracehelper
hostname:test root# dtruss ls
testing     testing1    testing2    testing3    testing4    testing5
SYSCALL(args)        = return

hostname:test root#
", 0x2, 0x7FFF5D851A20)         = 3 0
ioctl(0x3, 0x80086804, 0x7FFF5D8519A8)       = 0 0
close(0x3)       = 0 0
thread_selfid(0x3, 0x80086804, 0x7FFF5D8519A8)       = 13508 0
bsdthread_register(0x7FFFB4F6C080, 0x7FFFB4F6C070, 0x2000)       = 1073741919 0
ulock_wake(0x1, 0x7FFF5D85106C, 0x0)         = -1 Err#2
issetugid(0x1, 0x7FFF5D85106C, 0x0)      = 0 0
mprotect(0x1023B9000, 0x88, 0x1)         = 0 0
mprotect(0x1023BB000, 0x1000, 0x0)       = 0 0
mprotect(0x1023D1000, 0x1000, 0x0)       = 0 0
mprotect(0x1023D2000, 0x1000, 0x0)       = 0 0
mprotect(0x1023E8000, 0x1000, 0x0)       = 0 0
mprotect(0x1023E9000, 0x1000, 0x1)       = 0 0
mprotect(0x1023B9000, 0x88, 0x3)         = 0 0
mprotect(0x1023B9000, 0x88, 0x1)         = 0 0
getpid(0x1023B9000, 0x88, 0x1)       = 2137 0
stat64("/AppleInternal/XBS/.isChrooted%pre%", 0x7FFF5D850F28, 0x1)      = -1 Err#2
stat64("/AppleInternal%pre%", 0x7FFF5D850FC0, 0x1)      = -1 Err#2
csops(0x859, 0x7, 0x7FFF5D850A50)        = 0 0
sysctl([CTL_KERN, 14, 1, 2137, 0, 0] (4), 0x7FFF5D850BA8, 0x7FFF5D850BA0, 0x0, 0x0)      = 0 0
ulock_wake(0x1, 0x7FFF5D850FD0, 0x0)         = -1 Err#2
csops(0x859, 0x7, 0x7FFF5D850330)        = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE%pre%", 0x0, 0x7)        = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)        = 0 0
getrlimit(0x1008, 0x7FFF5D851FA8, 0x0)       = 0 0
fstat64(0x3, 0x7FFF5D851F68, 0x0)        = 0 0
read_nocancel(0x3, "1.1A\n%pre%", 0x1000)       = 2086 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE%pre%", 0x0, 0x5)      = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)        = 0 0
fstat64(0x3, 0x7FFF5D8520A8, 0x0)        = 0 0
fstat64(0x3, 0x7FFF5D851E98, 0x0)        = 0 0
lseek(0x3, 0x0, 0x1)         = 0 0
lseek(0x3, 0x0, 0x0)         = 0 0
read_nocancel(0x3, "RuneMagAUTF-8%pre%", 0x1000)        = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "@%pre%41%pre%", 0xDE80)        = 56960 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY%pre%", 0x0, 0x8)       = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0x8)        = 0 0
read_nocancel(0x3, "USD \n$\n.\n,\n3;3\n\n-\n2\n2\n1\n0\n1\n0\n1\n1\n\b%pre%", 0x22)        = 34 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC%pre%", 0x0, 0x7)        = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0x7)        = 0 0
read_nocancel(0x3, ".\n,\n3;3\n@$\b%pre%", 0x8)         = 8 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME%pre%", 0x0, 0x4)       = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0x4)        = 0 0
read_nocancel(0x3, "Jan\nFeb\nMar\nApr\nMay\nJun\nJul\nAug\nSep\nOct\nNov\nDec\nJanuary\nFebruary\nMarch\nApril\nMay\nJune\nJuly\nAugust\nSeptember\nOctober\nNovember\nDecember\nSun\nMon\nTue\nWed\nThu\nFri\nSat\nSunday\nMonday\nTuesday\nWednesday\nThursday\nFriday\nSaturday\n%H:%M:%S\n%m/%d/%Y\n%a %b %e %X %Y\nAM\nP", 0x179)      = 377 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES%pre%", 0x0, 0xFFFFFFFFFFFFFFF4)        = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0xFFFFFFFFFFFFFFF4)         = 0 0
read_nocancel(0x3, "^[yYsS].*\n^[nN].*\n(%pre%", 0x12)      = 18 0
close_nocancel(0x3)      = 0 0
ioctl(0x1, 0x4004667A, 0x7FFF5D8525EC)       = 0 0
ioctl(0x1, 0x40087468, 0x7FFF5D852C80)       = 0 0
getuid(0x1, 0x40087468, 0x7FFF5D852C80)      = 0 0
fstatat64(0xFFFFFFFE, 0x7FB70C402B98, 0x7FFF5D8524F8)        = 0 0
open_nocancel(".%pre%", 0x1000000, 0x0)         = 3 0
fchdir(0x3, 0x1000000, 0x0)      = 0 0
open_nocancel(".%pre%", 0x1000000, 0x0)         = 4 0
open_nocancel(".%pre%", 0x1100004, 0x0)         = 5 0
getattrlistbulk(0x5, 0x7FFF5D8524B8, 0x7FB70C819E00)         = 0 0
close_nocancel(0x5)      = 0 0
fchdir(0x4, 0x7FFF5D8524B8, 0x7FB70C819E00)      = 0 0
close_nocancel(0x4)      = 0 0
open_nocancel(".%pre%", 0x1100004, 0x3)         = 4 0
getattrlistbulk(0x4, 0x7FFF5D8524B8, 0x7FB70C819E00)         = 0 0
fstat64(0x4, 0x7FFF5D852350, 0x7FB70C819E00)         = 0 0
fchdir(0x4, 0x7FFF5D852350, 0x7FB70C819E00)      = 0 0
close_nocancel(0x4)      = 0 0
fchdir(0x3, 0x7FFF5D852350, 0x7FB70C819E00)      = 0 0
fchdir(0x3, 0x7FFF5D852350, 0x7FB70C819E00)      = 0 0
close_nocancel(0x3)      = 0 0
", 0x7FFF5D850FC0, 0x1)      = -1 Err#2
csops(0x859, 0x7, 0x7FFF5D850A50)        = 0 0
sysctl([CTL_KERN, 14, 1, 2137, 0, 0] (4), 0x7FFF5D850BA8, 0x7FFF5D850BA0, 0x0, 0x0)      = 0 0
ulock_wake(0x1, 0x7FFF5D850FD0, 0x0)         = -1 Err#2
csops(0x859, 0x7, 0x7FFF5D850330)        = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_COLLATE%pre%", 0x0, 0x7)        = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)        = 0 0
getrlimit(0x1008, 0x7FFF5D851FA8, 0x0)       = 0 0
fstat64(0x3, 0x7FFF5D851F68, 0x0)        = 0 0
read_nocancel(0x3, "1.1A\n%pre%", 0x1000)       = 2086 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_CTYPE%pre%", 0x0, 0x5)      = 3 0
fcntl_nocancel(0x3, 0x3, 0x0)        = 0 0
fstat64(0x3, 0x7FFF5D8520A8, 0x0)        = 0 0
fstat64(0x3, 0x7FFF5D851E98, 0x0)        = 0 0
lseek(0x3, 0x0, 0x1)         = 0 0
lseek(0x3, 0x0, 0x0)         = 0 0
read_nocancel(0x3, "RuneMagAUTF-8%pre%", 0x1000)        = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "%pre%", 0x1000)         = 4096 0
read_nocancel(0x3, "@%pre%41%pre%", 0xDE80)        = 56960 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MONETARY%pre%", 0x0, 0x8)       = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0x8)        = 0 0
read_nocancel(0x3, "USD \n$\n.\n,\n3;3\n\n-\n2\n2\n1\n0\n1\n0\n1\n1\n\b%pre%", 0x22)        = 34 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_NUMERIC%pre%", 0x0, 0x7)        = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0x7)        = 0 0
read_nocancel(0x3, ".\n,\n3;3\n@$\b%pre%", 0x8)         = 8 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_TIME%pre%", 0x0, 0x4)       = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0x4)        = 0 0
read_nocancel(0x3, "Jan\nFeb\nMar\nApr\nMay\nJun\nJul\nAug\nSep\nOct\nNov\nDec\nJanuary\nFebruary\nMarch\nApril\nMay\nJune\nJuly\nAugust\nSeptember\nOctober\nNovember\nDecember\nSun\nMon\nTue\nWed\nThu\nFri\nSat\nSunday\nMonday\nTuesday\nWednesday\nThursday\nFriday\nSaturday\n%H:%M:%S\n%m/%d/%Y\n%a %b %e %X %Y\nAM\nP", 0x179)      = 377 0
close_nocancel(0x3)      = 0 0
open_nocancel("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/LC_MESSAGES%pre%", 0x0, 0xFFFFFFFFFFFFFFF4)        = 3 0
fstat64(0x3, 0x7FFF5D8520C0, 0xFFFFFFFFFFFFFFF4)         = 0 0
read_nocancel(0x3, "^[yYsS].*\n^[nN].*\n(%pre%", 0x12)      = 18 0
close_nocancel(0x3)      = 0 0
ioctl(0x1, 0x4004667A, 0x7FFF5D8525EC)       = 0 0
ioctl(0x1, 0x40087468, 0x7FFF5D852C80)       = 0 0
getuid(0x1, 0x40087468, 0x7FFF5D852C80)      = 0 0
fstatat64(0xFFFFFFFE, 0x7FB70C402B98, 0x7FFF5D8524F8)        = 0 0
open_nocancel(".%pre%", 0x1000000, 0x0)         = 3 0
fchdir(0x3, 0x1000000, 0x0)      = 0 0
open_nocancel(".%pre%", 0x1000000, 0x0)         = 4 0
open_nocancel(".%pre%", 0x1100004, 0x0)         = 5 0
getattrlistbulk(0x5, 0x7FFF5D8524B8, 0x7FB70C819E00)         = 0 0
close_nocancel(0x5)      = 0 0
fchdir(0x4, 0x7FFF5D8524B8, 0x7FB70C819E00)      = 0 0
close_nocancel(0x4)      = 0 0
open_nocancel(".%pre%", 0x1100004, 0x3)         = 4 0
getattrlistbulk(0x4, 0x7FFF5D8524B8, 0x7FB70C819E00)         = 0 0
fstat64(0x4, 0x7FFF5D852350, 0x7FB70C819E00)         = 0 0
fchdir(0x4, 0x7FFF5D852350, 0x7FB70C819E00)      = 0 0
close_nocancel(0x4)      = 0 0
fchdir(0x3, 0x7FFF5D852350, 0x7FB70C819E00)      = 0 0
fchdir(0x3, 0x7FFF5D852350, 0x7FB70C819E00)      = 0 0
close_nocancel(0x3)      = 0 0

Per chiunque si chieda se ho dato ALL output, il seguente è TUTTO l'output per una cartella che ho creato chiamato "test" con 6 file "testing" che ho toccato, eseguito come root :