strace
from the strace.man.txt manpage.
trace system calls and signals
In the simplest case strace runs the specified command until it exits.
It intercepts and records the system calls which are called by a process and the signals which are received by a process.
The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option.
strace is a useful diagnostic, instructional, and debugging tool.
System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them.
Students, hackers and the overly-curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs.
And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.
apt-get install strace; # install under debian yum install strace; # install under centos / redhat root@debian9:~# strace -c touch 1 % time seconds usecs/call calls errors syscall ------ ----------- ----------- --------- --------- ---------------- 21.14 0.000093 13 7 close 17.73 0.000078 11 7 mmap 13.86 0.000061 15 4 mprotect 12.27 0.000054 14 4 open 7.95 0.000035 35 1 utimensat 5.00 0.000022 7 3 fstat 5.00 0.000022 22 1 munmap 5.00 0.000022 7 3 brk 4.09 0.000018 6 3 3 access 3.41 0.000015 15 1 read 2.27 0.000010 10 1 dup2 2.27 0.000010 10 1 arch_prctl 0.00 0.000000 0 1 execve ------ ----------- ----------- --------- --------- ---------------- 100.00 0.000440 37 3 total
without parameters
[root@CentOS7 ~]# strace touch 1
execve("/usr/bin/touch", ["touch", "1"], [/* 27 vars */]) = 0
brk(0) = 0x1960000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6a25ef000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=63590, ...}) = 0
mmap(NULL, 63590, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa6a25df000
close(3) = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\34\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2118128, ...}) = 0
mmap(NULL, 3932672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fa6a200f000
mprotect(0x7fa6a21c6000, 2093056, PROT_NONE) = 0
mmap(0x7fa6a23c5000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b6000) = 0x7fa6a23c5000
mmap(0x7fa6a23cb000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fa6a23cb000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6a25de000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa6a25dc000
arch_prctl(ARCH_SET_FS, 0x7fa6a25dc740) = 0
mprotect(0x7fa6a23c5000, 16384, PROT_READ) = 0
mprotect(0x60d000, 4096, PROT_READ) = 0
mprotect(0x7fa6a25f0000, 4096, PROT_READ) = 0
munmap(0x7fa6a25df000, 63590) = 0
brk(0) = 0x1960000
brk(0x1981000) = 0x1981000
brk(0) = 0x1981000
open("/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=106062768, ...}) = 0
mmap(NULL, 106062768, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fa69bae8000
close(3) = 0
open("1", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3
dup2(3, 0) = 0
close(3) = 0
utimensat(0, NULL, NULL, 0) = 0
close(0) = 0
close(1) = 0
close(2) = 0
exit_group(0) = ?
+++ exited with 0 +++
ltrace
manpage: ltrace.man.txt
A library call tracer – ltrace is a program that simply runs the specified command until it exits.
It intercepts and records the dynamic library calls which are called by the executed process and the signals which are received by that process.
It can also intercept and print the system calls executed by the program.
Its use is very similar to strace(1).
apt-get install ltrace; # install root@debian9:/home/user# ltrace touch 1 strrchr("touch", '/') = nil setlocale(LC_ALL, "") = "en_US.UTF-8" bindtextdomain("coreutils", "/usr/share/locale") = "/usr/share/locale" textdomain("coreutils") = "coreutils" __cxa_atexit(0x556be5c9f1e0, 0, 0x556be5eb1288, 0x736c6974756572) = 0 getopt_long(2, 0x7ffe28b5dff8, "acd:fhmr:t:", 0x556be5eb02c0, nil) = -1 open("1", 2369, 0666) = 3 dup2(3, 0) = 0 __errno_location() = 0x7fddd0b05698 close(3) = 0 futimens(0, 0, 0x7ffe28b5f86e, 0) = 0 close(0) = 0 __fpending(0x7fddd08f1600, 0, 0x556be5c9f1e0, 0x7fddd08f1c50) = 0 fileno(0x7fddd08f1600) = 1 __freading(0x7fddd08f1600, 0, 0x556be5c9f1e0, 0x7fddd08f1c50) = 0 __freading(0x7fddd08f1600, 0, 4, 0x7fddd08f1c50) = 0 fflush(0x7fddd08f1600) = 0 fclose(0x7fddd08f1600) = 0 __fpending(0x7fddd08f1520, 0, 0x7fddd08ec900, 2880) = 0 fileno(0x7fddd08f1520) = 2 __freading(0x7fddd08f1520, 0, 0x7fddd08ec900, 2880) = 0 __freading(0x7fddd08f1520, 0, 4, 2880) = 0 fflush(0x7fddd08f1520) = 0 fclose(0x7fddd08f1520) = 0 +++ exited (status 0) +++
strings
extract all readable characters out of a binary
strings /bin/bash
LS_COLORS
LS_COLORS: syntax error: %s
01;34
01;36
01;35
01;33
01;32
37;41
30;43
37;44
34;42
30;42
30;41
unparsable value for LS_COLORS environment variable
LS_COLORS: unrecognized prefix: %s
p->minfo.mi_magic2 == 0x5555
nunits < 30
bcoalesce: CHAIN(mp2) != mp1
malloc: %s:%d: assertion botched
free: called with already freed block argument
free: called with unallocated block argument
free: underflow detected; mh_nbytes out of range
free: start and end chunk sizes differ
malloc: block on free list clobbered
realloc: called with unallocated block argument
realloc: underflow detected; mh_nbytes out of range
realloc: start and end chunk sizes differ
;*3$"
e0cc32aba02ec4e0f010047be5ae9dee756960.debug
...
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!