SIP doesn’t block dtrace. You can use it just fine to e.g. trace dynamic library function calls.
What really is a problem on macOS is that they stopped shipping kernel syscall symbols. So you can’t trace syscalls anymore in the default setup. I’ve read on some forum that you can download the symbols from some website and it works then, but didn’t bother with it at that point.
Ironically, despite DTrace originally being a Unix tool, I’ve had the most success using it on Windows. On Mac I can’t trace syscalls by default; on FreeBSD, for some reason, it didn’t notice that processes inside jails were opening files (despite DTrace running on the host)... On Windows, on the other hand, DTrace works perfectly for me.
» dtrace echo
dtrace: system integrity protection is on, some features will not be available
dtrace: failed to initialize dtrace: DTrace requires additional privileges
You need to use sudo. I have SIP enabled and use DTrace regularly. Trust me, it works. (As long as you use it properly, i.e. not like an alias for strace the way you tried here.)
» sudo dtrace echo hi
dtrace: system integrity protection is on, some features will not be available
dtrace: no probes specified
(last command returned 1.)
» sudo dtruss echo hi
dtrace: system integrity protection is on, some features will not be available
dtrace: failed to execute echo: Operation not permitted
(last command returned 1.)
»
There's a host of problems that come with that, though: how do you then execute the tracee? If your problem is nice & simple and works under root, that's great I suppose, but it always seems like some access to $HOME destroys that possibility for me.
Then there's that, even ignoring all that … I've still yet to figure out a minimal example?
Give me a barebones minimal example. Every article I hit on this tool is right into space shuttle levels of complexity. That's what makes strace the winner.
> As long as you use it properly, i.e. not like an alias for strace the way you tried here.