Strace Command Simple usage

Source: Internet
Author: User

Strace can display information such as the system calls that a program undergoes, received signals, and so on.


1.strace-ff-o Output ProgramName

Writes the program ProgramName to the output file,-ff indicates that if there are multiple processes, multiple files are generated, named

2.strace-ff-o output-p PID

To hang a strace on a process

The following copy of a strace use case, I did not personally tried, for reference only

Operating system: Red Hat Linux 9.0
Using debugging tools to track the operation of software in real-time is not only an effective means of diagnosing software "incurable diseases", but also helps us to clarify the "vein" of software, that is, to quickly master the running process and working principle of software, which is a kind of auxiliary method of learning source code. The following example shows how to use Strace to "trigger inspiration" by tracking other software to solve the problems in software development.
As you know, opening a file within a process has a unique file descriptor (Fd:file descriptor) that corresponds to this file. And I encountered such a problem in the development of a software process:
If a FD is known, how can I get the full path of the file corresponding to this FD? Whether it's Linux, FreeBSD, or any other Unix system that doesn't provide such an API, what do you do? Let's think in a different way: Is there any software under Unix that can get the files that the process is opening? If you have enough experience, it is easy to think of lsof, which can be used to know which files the process is opening, and which process the file is opened by. OK, let's experiment with a little program lsof to see how it gets the files that the process opened. Lsof: Displays the files that the process opened.
#include #include #include #include #include
int main (void)
Open ("/tmp/foo", o_creat| O_RDONLY); /* Open File/tmp/foo */
Sleep (1200); /* Sleep for 1200 seconds for further action * *
return 0;
The testlsof is placed in the background and its PID is 3125. Command Lsof-p 3125 to see which files are open for process 3125, we use Strace to track lsof runs, and the output is saved in Lsof.strace:
# gcc Testlsof.c-o testlsof
#./testlsof &
[1] 3125
# strace-o Lsof.strace lsof-p 3125
We searched the output file lsof.strace with "/tmp/foo" as the keyword, with only one result:
# grep '/tmp/foo ' lsof.strace
Readlink ("/proc/3125/fd/3", "/tmp/foo", 4096) = 8
The original lsof ingenious use of the/proc/nnnn/fd/directory (nnnn PID): The Linux kernel for each process in the/proc/to establish a directory with its PID name to save the process of information, and its subdirectory FD holds all the files opened by the process of FD. The target is close to us. OK, let's go to/proc/3125/fd/to see:
# cd/proc/3125/fd/
# ls-l
Total 0
lrwx------1 root root 5 09:50 0-/dev/pts/0
lrwx------1 root root 5 09:50 1-/dev/pts/0
lrwx------1 root root 5 09:50 2-/dev/pts/0
Lr-x------1 root root 5 09:50 3-/tmp/foo
The answer is obvious: each fd file in the/proc/nnnn/fd/directory is a symbolic link that points to a file opened by the process. We just need to use the Readlink () system call to obtain a corresponding file of FD, the code is as follows:
#include #include #include #include #include #include
int get_pathname_from_fd (int fd, char pathname[], int n)
Char buf[1024];
pid_t pid;
Bzero (BUF, 1024);
PID = Getpid ();
snprintf (buf, 1024x768, "/proc/%i/fd/%i", PID, FD);
Return Readlink (buf, pathname, N);
int main (void)
int FD;
Char pathname[4096];
Bzero (pathname, 4096);
FD = open ("/tmp/foo", o_creat| O_RDONLY);
GET_PATHNAME_FROM_FD (FD, pathname, 4096);
printf ("fd=%d; Pathname=%sn ", FD, pathname);
return 0;
For security reasons, the system does not automatically load the proc file system by default after FreeBSD 5, so to use truss or strace trackers, you must manually load the proc file system: Mount-t PROCFS Proc/proc; Add a line to the Etc/fstab:
Proc/proc procfs RW 0 0

For more specific information about strace refer to the article, the above case is also transferred from here:


Strace Command Simple usage

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.