Strace commands in Linux

Strace commands in Linux are commonly used to track system calls and received signals during process execution. In the Linux World, processes cannot directly access hardware devices. When a process needs to access hardware devices (such as reading disk files and receiving network data, you must switch from user mode to kernel mode to access hardware devices through system calls. Strace can trace the system calls generated by a process, including parameters, return values, and execution time. The strace command can display all system calls used in the program. Define a simple HelloWorld Program (hello. sh) [plain] <span style = "font-size: 12px;"> #! /Bin/bash # The script is used to output Hello! How are you on the screen # file creation date: 2013/06/12 # Made by VBird hello = Hello \\! \ How \ are \ you \\? Echo $ hello </span>: strace sh hello. sh [plain] [root @ localhost tmp] # strace sh hello. sh execve ("/bin/sh", ["sh", "hello. sh "], [/* 29 vars */]) = 0 uname ({sys =" Linux ", node =" localhost. localdomain ",...}) = 0 brk (0) = 0x84de000 access ("/etc/ld. so. preload ", R_ OK) =-1 ENOENT (No such file or directory) open ("/etc/ld. so. cache ", O_RDONLY) = 3 fstat64 (3, {st_mode = S_IFREG | 0644, st_size = 78933 ,...}) = 0 old_mmap (NULL, 78933, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7ef2000 close (3) = 0 open ("/lib/libtermcap. so.2 ", O_RDONLY) = 3 read (3, "\ 177ELF \ 1 \ 1 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 0 \ 3 \ 0 \ 3 \ 0 \ 1 \ 0 \ 0 \ 0 \ 0 \ 0 \ 320 [\ 317 \ 0004 \ 0 \ 0 \ 0 "..., 512) = 512 fstat64 (3, {st_mode = S_IFREG | 0755, st_size = 12592 ,...}) = 0 old_mmap (0xcf5000, 14280, PROT_READ | PROT_EXEC, MAP_PRIVATE | MAP_DENYWRITE, 3, 0) = 0xcf5000 old_mmap (0xcf8000, 4096, PROT_R EAD | PROT_WRITE, MAP_PRIVATE | MAP_FIXED | MAP_DENYWRITE, 3, 0x2000) = 0xcf8000 close (3) = 0 open ("/lib/libdl. so.2 ", O_RDONLY) = 3... 1000 words are omitted here... rt_sigprocmask (SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask (SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask (SIG_BLOCK, NULL, [], 8) = 0 open (". ", O_RDONLY | O_NONBLOCK | O_LARGEFILE | O_DIRECTORY) = 3 fstat64 (3, {st_mode = S_IFDIR | 0755, st_size = 4096 ,...}) = 0 fcntl64 (3, F _ SETFD, FD_CLOEXEC) = 0 getdents64 (3,/* 3 entries */, 4096) = 80 getdents64 (3,/* 0 entries */, 4096) = 0 close (3) = 0 fstat64 (1, {st_mode = S_IFCHR | 0620, st_rdev = makedev (136, 0 ),...}) = 0 mmap2 (NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS,-1, 0) = 0xb7bdb000 <span style = "color: # ff0000;"> write (1, "Hello! How are you? \ N ", 22 Hello! How are you? </Span>) = 22 rt_sigprocmask (SIG_BLOCK, NULL, [], 8) = 0 read (255, "", 126) = 0 exit_group (0) =? The output parameter indicates that each row is a system call. The function name and its parameters of the system call are on the left of the equal sign, and the return value of the call is on the right. Strace displays the parameters of these calls and Returns signed values. Strace receives information from the kernel, and does not need to build the kernel in any special way. It can be seen that system calls are everywhere, even the simplest hello world! The strace parameter [plain]-c counts the execution time, number of times, and number of errors of each system call. -d: Output strace debugging information about standard errors. -f tracks the sub-processes generated by the fork call. -ff if-o filename is provided, the trace results of all processes are output to the corresponding filename. pid indicates the process ID of each process. -F tries to track vfork calls. in-f, vfork is not tracked. -h outputs brief help information. -I output the entry pointer of the system call. -q: Do not output the message about the disconnection. -r prints the relative time, which is called by every system. -t add time information before each row in the output. -tt adds time information before each row in the output, in microseconds. -ttt microsecond-level output, expressed in seconds. -T shows the time consumed by each call. -v outputs all system calls. some calls, such as environment variables, status, and input/output, are not output by default due to frequent calls. -V outputs the version information of strace. -X outputs non-standard string in hexadecimal format-xx all strings are output in hexadecimal format. -a column is used to set the output position of the returned value. the default value is 40. -e expr specifies an expression to control how to track data. format: [qualifier =] [!] Value1 [, value2]... qualifier can only be trace, abbrev, verbose, raw, signal, read, or write. value is a symbol or number used to limit. the default qualifier is trace. the exclamation point is a negative sign. for example,-eopen is equivalent to-e trace = open, indicating that only open calls are tracked. and-etrace! = Open indicates all calls except open. There are two special symbols "all" and "none". Note that some shells are used! To execute the commands in the history, so use \\. -e trace = set: only trace the specified system call. for example,-e trace = open, close, rean, write indicates that only the four system calls are tracked. the default value is set = all. -e trace = file only tracks system calls related to file operations. -e trace = process only traces system calls related to process control. -e trace = network traces all network-related system calls. -e strace = signal tracks all system calls related to system signals-e trace = ipc tracks all system calls related to process Communication-e abbrev = set the strace output system calls result set. -v and so on with abbrev = none. the default value is abbrev = all. -e raw = set: displays the system call parameters in hexadecimal format. -e signal = set indicates the system signal to be tracked. the default value is all. for example, si Gnal =! SIGIO (or signal =! Io), indicating that the SIGIO signal is not tracked. -e read = set outputs the data read from the specified file. for example,-e read = 3, 5-e write = set output writes data to the specified file. -o filename writes strace output to the file filename-p pid to track the specified process pid. -s strsize specifies the maximum length of the output string. the default value is 32. all file names are output. -u username: run the tracked command with the UID and GID of username.