Tool release: fs_usage_ng

TL;DR:

Github repo: https://github.com/gergelykalman/fs_usage_ng

About

Since Apple's built-in fs_usage is amazing but occasionally falls short, I decided to take it upon myself to improve it.

Since I suck at coming up with names, I used the old-school Open Source default: fs_usage_ng

The ng stands for New Generation or something, but personally I prefer to think it stands for Not Great...

Features in 1.0:

• compiles without the Apple private AppleInternal SDK
• runs on macOS as well as iOS (tested on the SRD)
• displays both src and dst parameters to rename(), which the original did not
• can filter for uid 0 processes ("-u" switch)
• added handling of missing open() flags:
• O_NOFOLLOW_ANY - "f"
• O_EXEC - "e"
• O_SEARCH - "s"

With that, no more wondering whether the rename() does what you thought it would, or you being surprised that symlinks are not being followed, since fs_usage did not handle O_NOFOLLOW_ANY.

As usual, please open issues for bugs/feedback and send me PRs if you think it might benefit the project.

Legally this is bound to the Apple agreement in the repo, which should be fine as the license permits this. Or at least that's what I think with my nonexistent law degree.

Funnily enough I was unable to fill my legal obligation of notifying Apple, since their stated url http://www.apple.com/publicsource/modifications.html returns a 404.

I'm sure it will be fine though, if anything they'll probably be happy that someone took the time to improve their abandoned tool.

Grab it here: https://github.com/gergelykalman/fs_usage_ng