This article describes how the tracing programLinuxThe following functions are executed:CallIn terms of basic concepts and specific instances, I believe it will be of great help to Linux beginners!
For a program, we can usually use call tools such as gdb to set the breakpoint for calling. However, the Linux system provides a number of tracking tools that allow us to track system calls, dynamic library calls, stack conditions, and receive signals executed by programs without source code. This allows us to observe the program execution process without stopping the program.
Strace displays the system calls and receive signals of the execution program;
Strace [strace option] executable program parameters.
Option description:
-O filename: Write the output to the file filename;
-F tracks the execution of sub-processes and is suitable for multi-threaded programs;
-Ff if-o is used to specify the output file, each sub-process is written to filename. pid;
-S strsize: specifies the maximum string size. The default value is 32;
-R: print the relative timestamp;
-T print actual time-tt print millisecond-ttt print microsecond time;
-X displays all non-ASCII strings as hexadecimal strings;
-Xx: All strings are displayed in hexadecimal notation;
-P pid is attached to the process for tracking and left after ctrl + c to keep the tracked program running.
-E key = [!] Value [, value] Or-evalue, only system calls of value are displayed;
Keys include trace, abbrev, verbose, raw, signal, read, and write. value indicates the symbols called by the system.
For example, if-e trace = open, trace = all is used by default.
To facilitate the use of value, different types of system calls are defined: file represents all file-related calls, process involves calls of related processes, and network involves network system calls, signal represents all signal-related system calls, in addition to ipc and desc. Other keys such as abbrev, verbose, and raw indicate the output mode. Signal can track the receipt of a specific signal set. The default value is signal = ALL. You can use SIGIO. Read/write can specify the action to track the write of a specific file descriptor and print the read/write data in hexadecimal format. For example,-e read = 3, 5.
Ltrace displays the Library call and receive signals of the execution program. It is similar to the use parameters of strace, -e-f-P-s-t-tt-o-ff and other parameters are supported. In addition, it also supports the following parameters:
-C -- demangle converts the symbols of low-level compilers for easy reading, such as mangle operations such as C ++;
-L -- library libname, lib... only shows library calls in libname;
-S shows system calls,-L does not show library calls;
-N num: indent the nested call;
The calls in different libraries are listed in the/etc/ltrace. conf file.
Pstack prints the call stack and corresponding parameters of the program when hit;
Pstack pid.