I started a daemon app with esf function through launchctl. I wanted to get the sample information of the daemon app through sample, but the program would restart, which was not a crash.
// shell command
sample pid -file ~/Downloads/test.txt
/usr/bin/sample obtains the endpoint security app information, and the app restarts
It’s generally not safe to target an ES client with debugging tools because of the risk of deadlock. I talk about this in a more general way in this post.
What info are you hoping to uncover with sample? In most case a spindump is more useful, because it allows you to follow the trail across processes.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"