-------[ Sources: ]-------

From Brendan Gregg's page: one-liners to refresh syntax. Note the -n option for command-line one-liners; use -s for scripts in files.
http://www.brendangregg.com/dtrace.html#OneLiners

Look for demo scripts in your /usr/demo/dtrace

http://www.brendangregg.com/DTrace/kill.d
http://www.brendangregg.com/DTrace/bitesize.d
http://www.brendangregg.com/DTrace/sshkeysnoop.d
http://www.brendangregg.com/DTrace/shellsnoop.d

Understand the reasons for and use of "copyin()" and "copyinstr()" when reading userland memory contents, such as syscall arguments. For kernel memory you don't need those (that memory is already in the kernel), but you still need to convert C null-terminated strings to D strings with "stringof()".

Note the undocumented fd[] in http://www.cs.dartmouth.edu/~sergey/cs258/d/procdents.d

Suspending the process with "stop()" or sending it another signal with "raise()" is a destructive action. You need either the -w option to dtrace, or the "#pragma D option destructive" pragma line. With those, assignments to kernel memory should work; to write userland process memory you will need to use "copyout()" (see the DTrace User Guide).

Note that you can also write kernel memory from "mdb -k", by first giving the "$W" command to switch to destructive mode and then using "address/format value", where format is a format letter specifying the length and format of value (see ::formats).
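The copyinstr()/stringof() distinction above, as an added example script (not one of Brendan Gregg's or the course's scripts): the exec path is a userland pointer and must be copied in at syscall entry, while the kernel's own psinfo strings only need stringof(). Probe names and arg0 follow the Solaris syscall provider; no destructive actions are used, so neither -w nor the destructive pragma is needed.

```d
#!/usr/sbin/dtrace -s
/*
 * Added example: log every exec with the path the caller passed
 * and the argument string the kernel recorded afterwards.
 */
#pragma D option quiet

/*
 * arg0 of exec/exece is a pointer into the *calling* process's
 * address space, so it must be read with copyinstr().  Do it at
 * :entry: by :return the old image is gone and the pointer is
 * no longer valid, and copyin of an unmapped page would fail.
 */
syscall::exec*:entry
{
	self->path = copyinstr(arg0);
	self->ok = 1;
}

/*
 * curpsinfo lives in kernel memory: no copyin needed, but the
 * C char array pr_psargs still has to become a D string with
 * stringof() before printf can use it.
 */
syscall::exec*:return
/self->ok/
{
	printf("%5d %-16s %s -> %s\n", pid, execname, self->path,
	    stringof(curpsinfo->pr_psargs));
	self->path = 0;
	self->ok = 0;
}
```

Run it as root with `dtrace -s exec-snoop.d`; the thread-local variables are cleared on :return so they do not leak across threads that call exec repeatedly.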