Brett Gutstein

Anonymous Tracing for DTrace on OS X

July 19, 2016

If you’ve attempted to use anonymous tracing for DTrace on OS X, you may have run into the following cryptic error message:

🐊 sudo dtrace -A -n 'dtrace:::BEGIN {printf("tracing!\n");}'
dtrace: failed in CFURLCreateDataAndPropertiesFromResource with code -10: Undefined error: 0

This is a guide for enabling anonymous tracing, which seems to be mostly undocumented. First, download the appropriate version of the OS X DTrace source. Extract the tarball and cd into the dtrace_dof_kext directory. Run xcodebuild then the following commands to put the built kernel extension into the system’s appropriate folder:

🐊 sudo chown -R root:wheel build/Release/dtrace_dof.kext
🐊 sudo chmod -R 755 build/Release/dtrace_dof.kext
🐊 sudo cp -R build/Release/dtrace_dof.kext /System/Library/Extensions/dtrace_dof.kext

You should now be able to register a DTrace script for anonymous tracing:

🐊 sudo dtrace -A -n 'dtrace:::BEGIN {printf("tracing!\n");}'
dtrace: saved anonymous enabling in /System/Library/Extensions/dtrace_dof.kext/Contents/Info.plist
dtrace: do 'sudo touch /System/Library/Extensions/' and reboot to enable changes

Be sure to follow DTrace’s instructions and touch /System/Library/Extensions before rebooting to refresh the kernel cache for extensions:

🐊 sudo touch /System/Library/Extensions
🐊 sudo shutdown -r now

When your machine reboots, you should be able to claim the anonymous tracing state:

🐊 sudo dtrace -a -e

What we’ve done here is install a kernel extension that stores a compiled version of the specified DTrace script in its Info.plist file. The script is then loaded from the extension for anonymous tracing during boot. Happy tracing!

Note: Some steps in this guide may require rootless mode to be disabled on newer versions of OS X. I have confirmed that it works on El Capitan 10.11.2 with rootless mode disabled.