Process forensics

v0.1.2

Deep per-process diagnostics for "why is this process stuck / slow / leaking?" — strace (HIGH RISK; slows the target), pid memory maps, per-thread state, /proc walking, gdb backtrace, full lsof, syscall summary. Read-only — but strace and gdb attach via ptrace and WILL slow the target.

Pack ID

process-forensics

Vendor

emisar

linux

Actions

Install

emisar pack install validates the pack and verifies its content hash before copying it into /etc/emisar/packs. The --hash below pins the install to the exact bytes on this page — a tampered copy is rejected. After install, reload the runner; it re-reads the catalog and advertises every action.

content hash: sha256:c38fb64051ab018c471ae8a8f5ae903a7679772f97c0905b4416a6d036e35fde

on the runner host

sudo emisar pack install process-forensics \
  --hash sha256:c38fb64051ab018c471ae8a8f5ae903a7679772f97c0905b4416a6d036e35fde \
  --dest /etc/emisar/packs

# Reload so the runner re-reads the catalog:
sudo systemctl reload emisar

Actions 10 total

View on GitHub

forensics.gdb_backtrace exec high

gdb -ex "thread apply all bt"
forensics.pid_io exec low

/proc/PID/io
forensics.pid_maps exec low

/proc/PID/maps
forensics.pid_open_files exec low

lsof -p <pid>
forensics.pid_smaps_summary exec low

/proc/PID/smaps_rollup
forensics.pid_status exec low

/proc/PID/status
forensics.pid_syscall exec low

/proc/PID/syscall
forensics.pid_threads_state exec low

Per-thread state for one PID
forensics.strace_pid_short exec high

strace -p <pid> (5 seconds)
forensics.strace_summary exec high

strace -c -p <pid> (5 seconds)

← Back to registry

Pack reference Publish your own →