How to use the strace command in Linux

2025-01-29 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article explains in detail how to use the strace command in Linux. The editor finds it very practical and shares it here as a reference. I hope you get something out of reading it.

The common Linux command strace can help you trace the system calls executed by a program. This is extremely convenient when you want to know how the program interacts with the operating system, such as which system calls are executed and in what order.

Output parameter meaning

    root@ubuntu:/usr# strace cat /dev/null
    execve("/bin/cat", ["cat", "/dev/null"], [/* 22 vars */]) = 0
    brk(0) = 0xab1000
    access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
    mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f29379a7000
    access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
    ...
    brk(0) = 0xab1000
    brk(0xad2000) = 0xad2000
    fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
    open("/dev/null", O_RDONLY) = 3
    fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
    read(3, "", 32768) = 0
    close(3) = 0
    close(1) = 0
    close(2) = 0
    exit_group(0) = ?

Each line is a system call. To the left of the equal sign are the function name of the system call and its parameters; to the right is the return value of the call. strace displays the parameters and return values of these calls in symbolic form. strace receives its information from the kernel and does not require the kernel to be built in any special way.

The strace parameters

    -c            counts the execution time, number of calls and number of errors for each system call.
    -d            outputs strace's own debugging information on standard error.
    -f            traces child processes created by fork calls.
    -ff           if -o filename is provided, the trace of each process is written to the corresponding filename.pid, where pid is the process number of each process.
    -F            attempts to trace vfork calls. With -f alone, vfork is not traced.
    -h            outputs brief help.
    -i            outputs the entry pointer of the system call.
    -q            disables the output of messages about detachment.
    -r            prints a relative timestamp for each system call.
    -t            adds time information before each line of the output.
    -tt           adds time information before each line of the output, at microsecond level.
    -ttt          microsecond-level output, with the time expressed in seconds.
    -T            shows the time spent in each call.
    -v            outputs all system calls in full. Details of some calls (environment variables, status, input and output, and so on) are not output by default because they are used so frequently.
    -V            outputs strace version information.
    -x            outputs non-standard strings in hexadecimal form.
    -xx           outputs all strings in hexadecimal form.
    -a column     sets the output position of the return value. The default is 40.
    -e expr       specifies an expression that controls how to trace. The format is:
                  [qualifier=][!]value1[,value2]...
                  qualifier can only be one of trace, abbrev, verbose, raw, signal, read, write, and value is a qualifying symbol or number. The default qualifier is trace. An exclamation point is the negation symbol. For example, -e open is equivalent to -e trace=open, which means that only open calls are traced, while -e trace=!open means to trace all calls other than open. There are two special symbols, all and none. Note that some shells use ! to execute commands from the history, so it must be escaped with a backslash (\!).
    -e trace=set  traces only the specified system calls. For example, -e trace=open,close,read,write means that only these four system calls are traced. The default is set=all.
    -e trace=file     traces only system calls related to file operations.
    -e trace=process  traces only system calls related to process control.
    -e trace=network  traces all system calls related to the network.
    -e trace=signal   traces all system calls related to system signals.
    -e trace=ipc      traces all system calls related to interprocess communication.
    -e abbrev=set     sets the set of system calls whose output strace abbreviates. -v is equivalent to abbrev=none. The default is abbrev=all.
    -e raw=set        displays the parameters of the specified system calls in hexadecimal.
    -e signal=set     specifies the signals to trace. The default is all. For example, signal=!SIGIO means the SIGIO signal is not traced.
    -e read=set       outputs the data read from the specified files. For example: -e read=3,5
    -e write=set      outputs the data written to the specified files.
    -o filename   writes the output of strace to the file filename.
    -p pid        traces the specified process pid.
    -s strsize    specifies the maximum length of output strings. The default is 32. File names are always output in full.
    -u username   executes the traced command with username's UID and GID.

A complete usage example:

    strace -o output.txt -T -tt -e trace=all -p 28979

The command above traces all system calls of process 28979 (-e trace=all), records the time spent in each system call as well as its start time (displayed in a readable hour:minute:second format), and finally stores the results in the file output.txt.

strace use cases

Debugging a program with strace

In an ideal world, whenever a program fails to perform a function properly, it gives you a useful error message with enough clues to correct the problem. Unfortunately, we do not live in an ideal world, at least not always. Sometimes something goes wrong with a program and you cannot find the reason. This is why debuggers exist. strace is an essential debugging tool, used to monitor system calls. You can debug not only a newly started program but also one that is already running (by attaching strace to an existing PID). First, let's look at a real example: some time ago I had a problem starting KDE, and the KDE error message did not give me any helpful clues.

    _KDE_IceTransSocketCreateListener: failed to bind listener
    _KDE_IceTransSocketUNIXCreateListener: ...SocketCreateListener() failed
    _KDE_IceTransMakeAllCOTSServerListeners: failed to create listener for local
    Cannot establish any listening sockets
    DCOPServer self-test failed.

This error message did not mean much to me, except that a program responsible for interprocess communication, which is vital to KDE, could not be started. I could also tell that the error was related to the ICE protocol (Inter Client Exchange). Other than that, I did not know what caused the KDE startup error.

I decided to use strace to see what the program did when it started dcopserver:

    strace -f -F -o ~/dcop-strace.txt dcopserver

Here the -f and -F options tell strace to also trace processes created by fork and vfork, and the -o option writes all strace output to ~/dcop-strace.txt. dcopserver is the program to be started and debugged.

After the error occurred again, I checked the output file dcop-strace.txt, which contained a large number of system call records. The relevant records just before the program failed are as follows:

    27207 mkdir("/tmp/.ICE-unix", 0777) = -1 EEXIST (File exists)
    27207 lstat64("/tmp/.ICE-unix", {st_mode=S_IFDIR|S_ISVTX|0755, st_size=4096, ...}) = 0
    27207 unlink("/tmp/.ICE-unix/dcop27207-1066844596") = -1 ENOENT (No such file or directory)
    27207 bind(3, {sin_family=AF_UNIX, path="/tmp/.ICE-unix/dcop27207-1066844596"}, 38) = -1 EACCES (Permission denied)
    27207 write(2, "Cannot establish any listening s"..., 39) = 39

The first line shows that the program attempted to create the /tmp/.ICE-unix directory with permission 0777, which failed because the directory already exists. The second system call (lstat64) checks the status of the directory and shows that its permission is 0755. Here is the first clue to the failure: the program tried to create a directory with mode 0777, but a directory with mode 0755 already exists. The third system call (unlink) attempts to delete a file, but the file does not exist. This is not surprising, because the operation is just an attempt to delete old files that may be left over.

However, the fourth line confirms the error. The program tried to bind to /tmp/.ICE-unix/dcop27207-1066844596, but an access denied error occurred. The user and group of the .ICE-unix directory are root, and only the owner has write permission. A non-root user cannot create files under this directory; if the directory mode is changed to 0777, the operation can succeed, which is exactly what the first call was trying to do when it failed.

So after I ran chmod 0777 /tmp/.ICE-unix, KDE started normally and the problem was solved. Debugging with strace takes only a few minutes: trace the program as it runs, then check and analyze the output file.

Note: running chmod 0777 was only a test. In general, do not make a directory readable and writable by all users without also setting the sticky bit. Setting the sticky bit on a directory prevents a user from arbitrarily deleting other users' files in a writable directory. You will generally find that the /tmp directory has the sticky bit set for this reason. After KDE starts normally, run chmod +t /tmp/.ICE-unix to set the sticky bit on .ICE-unix.
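The note above, as an added example that is not from the original article: a POSIX shell check that flags directories that are world-writable but lack the sticky bit, which is the state /tmp/.ICE-unix is left in by the test chmod 0777. The function names audit_sticky and demo_sticky are hypothetical, and the demo directory is constructed under a temporary path.

```shell
#!/bin/sh
# Added example: flag world-writable directories that lack the sticky bit.
# audit_sticky is a hypothetical helper name, not part of strace or KDE.

# Print each given path that is a directory, is writable by "other"
# (mode bit 0002) and does not have the sticky bit (mode bit 1000).
audit_sticky() {
    for dir in "$@"; do
        # -prune stops find from descending, so only the path itself is tested.
        find "$dir" -prune -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
    done
}

# Constructed demo: reproduce the article's two states in a scratch directory.
demo_sticky() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/.ICE-unix"

    chmod 0777 "$scratch/.ICE-unix"    # the article's test setting
    before=$(audit_sticky "$scratch/.ICE-unix")

    chmod +t "$scratch/.ICE-unix"      # the article's follow-up fix
    after=$(audit_sticky "$scratch/.ICE-unix")

    rm -rf "$scratch"
    # Report "flagged" for the 0777 state and "ok" once the sticky bit is set.
    [ -n "$before" ] && printf 'before=flagged '
    [ -z "$after" ] && printf 'after=ok'
    printf '\n'
}

demo_sticky
```

On a real system the same function can be pointed at shared directories such as /tmp/.ICE-unix, /tmp or /var/tmp; any path it prints needs chmod +t or tighter permissions.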

When you run ldd on an executable, it tells you which dynamic libraries the program uses and where they are found. But if you are using an older version of glibc (2.2 or earlier), you may have a buggy ldd that reports finding a dynamic library in one directory, while the dynamic linker (/lib/ld-linux.so.2) looks in another directory when you actually run the program. This is usually because the /etc/ld.so.conf and /etc/ld.so.cache files are inconsistent, or /etc/ld.so.cache is corrupted. This error does not occur in glibc version 2.3.2, so the ld-linux bug may have been resolved.

However, ldd cannot list all the dynamic libraries that a program depends on: dlopen can load dynamic libraries on demand, and these libraries may not be listed by ldd. The NSS (Name Server Switch) library, which is part of glibc, is a typical example. One of the functions of NSS is to tell applications where to find the system account database. The application does not link directly against the NSS library; glibc loads it automatically through dlopen. If such a library is accidentally lost, you will not be told that there is a library dependency problem, but the program will not be able to get the user ID through user name resolution. Let's look at an example: the whoami program prints your own user name, which is very useful in scripts that need to know the real user who is running the program. An example of whoami output is as follows:

    # whoami
    root

Assume that NSS, the library responsible for converting between user names and user IDs, is lost for some reason during a glibc upgrade. We can simulate this situation by renaming the NSS library:

    # mv /lib/libnss_files.so.2 /lib/libnss_files.so.2.backup
    # whoami
    whoami: cannot find username for UID 0

You can see that running whoami now fails, and the output of ldd provides no useful help:

    # ldd /usr/bin/whoami
    libc.so.6 => /lib/libc.so.6 (0x4001f000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

You will only see that whoami depends on libc.so.6 and ld-linux.so.2; ldd does not show any other library needed to run whoami. Here, use strace to trace whoami:

    strace -o whoami-strace.txt whoami

    open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    open("/lib/i686/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64("/lib/i686/mmx", 0xbffff190) = -1 ENOENT (No such file or directory)
    open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64("/lib/i686", 0xbffff190) = -1 ENOENT (No such file or directory)
    open("/lib/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64("/lib/mmx", 0xbffff190) = -1 ENOENT (No such file or directory)
    open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64("/lib", {st_mode=S_IFDIR|0755, st_size=2352, ...}) = 0
    open("/usr/lib/i686/mmx/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64("/usr/lib/i686/mmx", 0xbffff190) = -1 ENOENT (No such file or directory)
    open("/usr/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)

You can see attempts to find libnss.so.2 under different directories, but they all failed. Without a tool like strace, it is hard to discover that this error is caused by a missing dynamic library. Now all you have to do is find libnss.so.2 and put it back in the right place.
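The search pattern in that trace can be picked out mechanically. As an added example (not code from the original article), this POSIX shell function reads strace output and reports shared libraries that were looked up but never opened successfully, which is how a dlopen'd dependency that ldd does not list shows up. The names missing_libs and sample_trace are hypothetical, the trace lines are constructed in the style of the excerpt above, and accepting openat and a leading PID column goes beyond the excerpt.

```shell
#!/bin/sh
# Added example: find libraries a traced program searched for but never loaded.
# missing_libs is a hypothetical helper name; the trace below is constructed.

# Read strace output and print "name attempts" for every lib*.so* file for
# which at least one open()/openat() failed with ENOENT and none succeeded.
missing_libs() {
    awk '
    /^([0-9]+ +)?(open|openat)\(/ {
        # The path is the first double-quoted string on the line.
        if (split($0, q, "\"") < 3) next
        n = split(q[2], parts, "/")
        lib = parts[n]
        if (lib !~ /^lib.*\.so/) next
        # The return value follows the last " = " on the line.
        ret = $0
        sub(/.* = /, "", ret)
        if (ret ~ /^-1 ENOENT/) failed[lib]++
        else if (ret ~ /^[0-9]+/) loaded[lib] = 1
    }
    END {
        for (lib in failed)
            if (!(lib in loaded)) print lib, failed[lib]
    }' "$@" | sort
}

# Constructed sample trace, modelled on the whoami case in the article.
sample_trace() {
cat <<'EOF'
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/i686/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
open("/etc/nsswitch.conf", O_RDONLY) = 3
open("/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i686/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/lib/i686", 0xbffff190) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_files.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
EOF
}

sample_trace | missing_libs    # prints: libnss_files.so.2 3
```

libc.so.6 is not reported even though one lookup failed, because a later directory in the search path satisfied it; only a library that fails everywhere is a real gap.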

Restrict strace to tracing only specific system calls

If you already know what you are looking for, you can ask strace to trace only certain types of system calls. For example, if you want to see which programs a configure script executes, the system call you need to monitor is execve. Let strace record only the calls to execve with this command:

    strace -f -o configure-strace.txt -e execve ./configure
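The trace file that command writes can be summarised. As an added example (not from the original article), this POSIX shell function lists each program that was successfully executed and how often, skipping the failed execve attempts produced while PATH is searched and pairing the "unfinished" and "resumed" halves that strace -f writes when calls from different processes interleave. The names exec_summary and sample_configure_trace are hypothetical, and the trace lines are constructed in the PID-prefixed format of strace -f -o.

```shell
#!/bin/sh
# Added example: summarise which programs a traced script executed.
# exec_summary is a hypothetical helper name; the trace below is constructed.

# Read "strace -f -o FILE -e execve" output and print "count path" for every
# execve that returned 0, most frequent first.
exec_summary() {
    awk '
    { pid = ($1 ~ /^[0-9]+$/) ? $1 : "-" }
    /^([0-9]+ +)?execve\(/ {
        # The program path is the first double-quoted string on the line.
        if (split($0, q, "\"") < 3) next
        # A call interrupted by output from another process is completed
        # later by a "resumed" line, so remember its path per PID.
        if ($0 ~ /<unfinished \.\.\.>$/) { pending[pid] = q[2]; next }
        if ($0 ~ / = 0$/) ok[q[2]]++
        next
    }
    /<\.\.\. execve resumed>/ && (pid in pending) {
        if ($0 ~ / = 0$/) ok[pending[pid]]++
        delete pending[pid]
    }
    END { for (path in ok) print ok[path], path }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample of a configure run traced with -f -e execve.
sample_configure_trace() {
cat <<'EOF'
4100 execve("./configure", ["./configure"], [/* 30 vars */]) = 0
4101 execve("/usr/local/bin/gcc", ["gcc", "-v"], [/* 30 vars */]) = -1 ENOENT (No such file or directory)
4101 execve("/usr/bin/gcc", ["gcc", "-v"], [/* 30 vars */]) = 0
4102 execve("/bin/sed", ["sed", "-e", "s/a/b/"], [/* 30 vars */] <unfinished ...>
4103 execve("/usr/bin/gcc", ["gcc", "-c", "conftest.c"], [/* 30 vars */]) = 0
4102 <... execve resumed> ) = 0
EOF
}

sample_configure_trace | exec_summary
```

Reviewing this list before trusting a third-party build script shows every binary it actually ran, including ones launched from unexpected directories.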
