strace

From the strace manpage (strace.man.txt):

trace system calls and signals

In the simplest case strace runs the specified command until it exits.

It intercepts and records the system calls which are called by a process and the signals which are received by a process.

The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option.

strace is a useful diagnostic, instructional, and debugging tool.

System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them.

Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs.

And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.

apt-get install strace; # install under debian
yum install strace; # install under centos / redhat

root@debian9:~# strace -c touch 1
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 21.14    0.000093          13         7           close
 17.73    0.000078          11         7           mmap
 13.86    0.000061          15         4           mprotect
 12.27    0.000054          14         4           open
  7.95    0.000035          35         1           utimensat
  5.00    0.000022           7         3           fstat
  5.00    0.000022          22         1           munmap
  5.00    0.000022           7         3           brk
  4.09    0.000018           6         3         3 access
  3.41    0.000015          15         1           read
  2.27    0.000010          10         1           dup2
  2.27    0.000010          10         1           arch_prctl
  0.00    0.000000           0         1           execve
------ ----------- ----------- --------- --------- ----------------
100.00    0.000440                    37         3 total

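Without options, strace prints every system call with its arguments and return value as it happens (the run above used -c, which prints only a per-syscall summary). The arguments include file paths and the start of read buffers, so a saved trace can contain sensitive data and should be treated accordingly.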

[root@CentOS7 ~]# strace touch 1
execve("/usr/bin/touch", ["touch", "1"], [/* 27 vars */]) = 0
brk(0)                                  = 0x1960000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6a25ef000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=63590, ...}) = 0
mmap(NULL, 63590, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa6a25df000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2118128, ...}) = 0
mmap(NULL, 3932672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa6a200f000
mprotect(0x7fa6a21c6000, 2093056, PROT_NONE) = 0
mmap(0x7fa6a23c5000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7fa6a23c5000
mmap(0x7fa6a23cb000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa6a23cb000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6a25de000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6a25dc000
arch_prctl(ARCH_SET_FS, 0x7fa6a25dc740) = 0
mprotect(0x7fa6a23c5000, 16384, PROT_READ) = 0
mprotect(0x60d000, 4096, PROT_READ)     = 0
mprotect(0x7fa6a25f0000, 4096, PROT_READ) = 0
munmap(0x7fa6a25df000, 63590)           = 0
brk(0)                                  = 0x1960000
brk(0x1981000)                          = 0x1981000
brk(0)                                  = 0x1981000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=106062768, ...}) = 0
mmap(NULL, 106062768, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa69bae8000
close(3)                                = 0
open("1", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3
dup2(3, 0)                              = 0
close(3)                                = 0
utimensat(0, NULL, NULL, 0)             = 0
close(0)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

ltrace

manpage: ltrace.man.txt

A library call tracer – ltrace is a program that simply runs the specified command until it exits.

It intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process.

It can also intercept and print the system calls executed by the program (option -S).

Its use is very similar to strace(1).

apt-get install ltrace; # install

root@debian9:/home/user# ltrace touch 1
strrchr("touch", '/')                                                                             = nil
setlocale(LC_ALL, "")                                                                             = "en_US.UTF-8"
bindtextdomain("coreutils", "/usr/share/locale")                                                  = "/usr/share/locale"
textdomain("coreutils")                                                                           = "coreutils"
__cxa_atexit(0x556be5c9f1e0, 0, 0x556be5eb1288, 0x736c6974756572)                                 = 0
getopt_long(2, 0x7ffe28b5dff8, "acd:fhmr:t:", 0x556be5eb02c0, nil)                                = -1
open("1", 2369, 0666)                                                                             = 3
dup2(3, 0)                                                                                        = 0
__errno_location()                                                                                = 0x7fddd0b05698
close(3)                                                                                          = 0
futimens(0, 0, 0x7ffe28b5f86e, 0)                                                                 = 0
close(0)                                                                                          = 0
__fpending(0x7fddd08f1600, 0, 0x556be5c9f1e0, 0x7fddd08f1c50)                                     = 0
fileno(0x7fddd08f1600)                                                                            = 1
__freading(0x7fddd08f1600, 0, 0x556be5c9f1e0, 0x7fddd08f1c50)                                     = 0
__freading(0x7fddd08f1600, 0, 4, 0x7fddd08f1c50)                                                  = 0
fflush(0x7fddd08f1600)                                                                            = 0
fclose(0x7fddd08f1600)                                                                            = 0
__fpending(0x7fddd08f1520, 0, 0x7fddd08ec900, 2880)                                               = 0
fileno(0x7fddd08f1520)                                                                            = 2
__freading(0x7fddd08f1520, 0, 0x7fddd08ec900, 2880)                                               = 0
__freading(0x7fddd08f1520, 0, 4, 2880)                                                            = 0
fflush(0x7fddd08f1520)                                                                            = 0
fclose(0x7fddd08f1520)                                                                            = 0
+++ exited (status 0) +++

strings

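Print the sequences of printable characters found in a binary (by default, runs of at least 4 characters). This gives a quick look at embedded messages, format strings and file names, as in the excerpt below.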

strings /bin/bash

LS_COLORS
LS_COLORS: syntax error: %s
01;34
01;36
01;35
01;33
01;32
37;41
30;43
37;44
34;42
30;42
30;41
unparsable value for LS_COLORS environment variable
LS_COLORS: unrecognized prefix: %s
p->minfo.mi_magic2 == 0x5555
nunits < 30
bcoalesce: CHAIN(mp2) != mp1
malloc: %s:%d: assertion botched
free: called with already freed block argument
free: called with unallocated block argument
free: underflow detected; mh_nbytes out of range
free: start and end chunk sizes differ
malloc: block on free list clobbered
realloc: called with unallocated block argument
realloc: underflow detected; mh_nbytes out of range
realloc: start and end chunk sizes differ
;*3$"
e0cc32aba02ec4e0f010047be5ae9dee756960.debug
...