Strace - Linux Syscall Tracer

April 1, 2021 Linux

strace

Put simply, strace records all the system calls made by a process.

help

[root@centOS:~/test 10:14 $]strace -h
usage: strace [-CdffhiqrtttTvVwxxy] [-I n] [-e expr]...
              [-a column] [-o file] [-s strsize] [-P path]...
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]
   or: strace -c[dfw] [-I n] [-e expr]... [-O overhead] [-S sortby]
              -p pid... / [-D] [-E var=val]... [-u username] PROG [ARGS]

Output format:
  -a column      alignment COLUMN for printing syscall results (default 40)
  -i             print instruction pointer at time of syscall
  -k             obtain stack trace between each syscall
  -o file        send trace output to FILE instead of stderr
  -q             suppress messages about attaching, detaching, etc.
  -r             print relative timestamp
  -s strsize     limit length of print strings to STRSIZE chars (default 32)
  -t             print absolute timestamp
  -tt            print absolute timestamp with usecs
  -T             print time spent in each syscall
  -x             print non-ascii strings in hex
  -xx            print all strings in hex
  -X format      set the format for printing of named constants and flags
  -y             print paths associated with file descriptor arguments
  -yy            print protocol specific information associated with socket file descriptors

Statistics:
  -c             count time, calls, and errors for each syscall and report summary
  -C             like -c but also print regular output
  -O overhead    set overhead for tracing syscalls to OVERHEAD usecs
  -S sortby      sort syscall counts by: time, calls, name, nothing (default time)
  -w             summarise syscall latency (default is system time)

Filtering:
  -e expr        a qualifying expression: option=[!]all or option=[!]val1[,val2]...
     options:    trace, abbrev, verbose, raw, signal, read, write, fault, inject, kvm
  -P path        trace accesses to path

Tracing:
  -b execve      detach on execve syscall
  -D             run tracer process as a detached grandchild, not as parent
  -f             follow forks
  -ff            follow forks with output into separate files
  -I interruptible
     1:          no signals are blocked
     2:          fatal signals are blocked while decoding syscall (default)
     3:          fatal signals are always blocked (default if '-o FILE PROG')
     4:          fatal signals and SIGTSTP (^Z) are always blocked
                 (useful to make 'strace -o FILE PROG' not stop on ^Z)

Startup:
  -E var         remove var from the environment for command
  -E var=val     put var=val in the environment for command
  -p pid         trace process with process id PID, may be repeated
  -u username    run command as username handling setuid and/or setgid

Miscellaneous:
  -d             enable debug output to stderr
  -v             verbose mode: print unabbreviated argv, stat, termios, etc. args
  -h             print help message
  -V             print version

Option a

Sets the column at which the return value is aligned.

[root@centOS:~/test 10:14 $]strace -a 110 ./demo_6
execve("./demo_6", ["./demo_6"], 0x7ffeb528b450 /* 25 vars */)                                                = 0
brk(NULL)                                                                                                     = 0x9da000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                                      = 0x7f9ae103d000
access("/etc/ld.so.preload", R_OK)                                                                            = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                                  = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...})                                                          = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0)                                                               = 0x7f9ae1031000
close(3)                                                                                                      = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                                  = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832)                               = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...})                                                        = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)                                     = 0x7f9ae0a4f000
mprotect(0x7f9ae0c13000, 2093056, PROT_NONE)                                                                  = 0
mmap(0x7f9ae0e12000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000)           = 0x7f9ae0e12000
mmap(0x7f9ae0e18000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)                 = 0x7f9ae0e18000
close(3)                                                                                                      = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                                      = 0x7f9ae1030000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                                      = 0x7f9ae102e000
arch_prctl(ARCH_SET_FS, 0x7f9ae102e740)                                                                       = 0
mprotect(0x7f9ae0e12000, 16384, PROT_READ)                                                                    = 0
mprotect(0x600000, 4096, PROT_READ)                                                                           = 0
mprotect(0x7f9ae103e000, 4096, PROT_READ)                                                                     = 0
munmap(0x7f9ae1031000, 49090)                                                                                 = 0
brk(NULL)                                                                                                     = 0x9da000
brk(0x9fb000)                                                                                                 = 0x9fb000
brk(NULL)                                                                                                     = 0x9fb000
exit_group(0)                                                                                                 = ?
+++ exited with 0 +++

Option i

Shows the address (instruction pointer) of each system call.

[root@centOS:~/test 10:17 $]strace -a 100 -i  ./demo_6
[00007f872b632cc7] execve("./demo_6", ["./demo_6"], 0x7ffd23aef3d8 /* 25 vars */)                   = 0
[00007fc642074aac] brk(NULL)                                                                        = 0x24f1000
[00007fc6420757da] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)         = 0x7fc64227c000
[00007fc6420756d7] access("/etc/ld.so.preload", R_OK)                                               = -1 ENOENT (No such file or directory)
[00007fc642075677] open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                     = 3
[00007fc642075604] fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...})                             = 0
[00007fc6420757da] mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0)                                  = 0x7fc642270000
[00007fc642075787] close(3)                                                                         = 0
[00007fc642075677] open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                     = 3
[00007fc642075697] read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832)  = 832
[00007fc642075604] fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...})                           = 0
[00007fc6420757da] mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)        = 0x7fc641c8e000
[00007fc642075877] mprotect(0x7fc641e52000, 2093056, PROT_NONE)                                     = 0
[00007fc6420757da] mmap(0x7fc642051000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fc642051000
[00007fc6420757da] mmap(0x7fc642057000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc642057000
[00007fc642075787] close(3)                                                                         = 0
[00007fc6420757da] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)         = 0x7fc64226f000
[00007fc6420757da] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)         = 0x7fc64226d000
[00007fc64205cefd] arch_prctl(ARCH_SET_FS, 0x7fc64226d740)                                          = 0
[00007fc642075877] mprotect(0x7fc642051000, 16384, PROT_READ)                                       = 0
[00007fc642075877] mprotect(0x600000, 4096, PROT_READ)                                              = 0
[00007fc642075877] mprotect(0x7fc64227d000, 4096, PROT_READ)                                        = 0
[00007fc642075857] munmap(0x7fc642270000, 49090)                                                    = 0
[00007fc641d8327c] brk(NULL)                                                                        = 0x24f1000
[00007fc641d8327c] brk(0x2512000)                                                                   = 0x2512000
[00007fc641d8327c] brk(NULL)                                                                        = 0x2512000
[00007fc641d53c99] exit_group(0)                                                                    = ?
[????????????????] +++ exited with 0 +++

Option k

Shows a stack trace at each system call, similar to the bt command in gdb.

[root@centOS:~/test 10:20 $]strace -a 100 -k  ./demo_6
execve("./demo_6", ["./demo_6"], 0x7ffeac5503f8 /* 25 vars */)                                      = 0
 > /usr/lib64/libc-2.17.so(execve+0x7) [0xc5cc7]
 > /usr/bin/strace(exec_or_die+0x126) [0x4032db]
 > /usr/bin/strace(init+0x1430) [0x430e00]
 > /usr/bin/strace(main+0x39) [0x403359]
 > /usr/lib64/libc-2.17.so(__libc_start_main+0xf4) [0x22554]
 > /usr/bin/strace(_start+0x28) [0x403478]
brk(NULL)                                                                                           = 0x8de000
 > /usr/lib64/ld-2.17.so(__brk+0xc) [0x18aac]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x147) [0x17f97]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7f42a6ad6000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(__libc_memalign+0x83) [0x185f3]
 > /usr/lib64/ld-2.17.so(_dl_init_paths+0x90) [0x8020]
 > /usr/lib64/ld-2.17.so(dl_main+0x1597) [0x3497]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory)
 > /usr/lib64/ld-2.17.so(access+0x7) [0x196d7]
 > /usr/lib64/ld-2.17.so(dl_main+0x174c) [0x364c]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                        = 3
 > /usr/lib64/ld-2.17.so(__open+0x7) [0x19677]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_read_whole_file+0x25) [0x10885]
 > /usr/lib64/ld-2.17.so(_dl_load_cache_lookup+0x1bc) [0x16d9c]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x427) [0x8907]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...})                                                = 0
 > /usr/lib64/ld-2.17.so(__GI___fxstat+0x14) [0x19604]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_read_whole_file+0x3a) [0x1089a]
 > /usr/lib64/ld-2.17.so(_dl_load_cache_lookup+0x1bc) [0x16d9c]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x427) [0x8907]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0)                                                     = 0x7f42a6aca000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_read_whole_file+0x84) [0x108e4]
 > /usr/lib64/ld-2.17.so(_dl_load_cache_lookup+0x1bc) [0x16d9c]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x427) [0x8907]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
close(3)                                                                                            = 0
 > /usr/lib64/ld-2.17.so(__libc_close+0x7) [0x19787]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_read_whole_file+0x5a) [0x108ba]
 > /usr/lib64/ld-2.17.so(_dl_load_cache_lookup+0x1bc) [0x16d9c]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x427) [0x8907]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                        = 3
 > /usr/lib64/ld-2.17.so(__open+0x7) [0x19677]
 > /usr/lib64/ld-2.17.so(open_verify+0x42) [0x50e2]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x485) [0x8965]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832)                     = 832
 > /usr/lib64/ld-2.17.so(__read+0x7) [0x19697]
 > /usr/lib64/ld-2.17.so(open_verify+0x7a) [0x511a]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x485) [0x8965]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...})                                              = 0
 > /usr/lib64/ld-2.17.so(__GI___fxstat+0x14) [0x19604]
 > /usr/lib64/ld-2.17.so(_dl_map_object_from_fd+0x61) [0x5ef1]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x189) [0x8669]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)                           = 0x7f42a64e8000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(_dl_map_object_from_fd+0x626) [0x64b6]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x189) [0x8669]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mprotect(0x7f42a66ac000, 2093056, PROT_NONE)                                                        = 0
 > /usr/lib64/ld-2.17.so(__mprotect+0x7) [0x19877]
 > /usr/lib64/ld-2.17.so(_dl_map_object_from_fd+0xb54) [0x69e4]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x189) [0x8669]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(0x7f42a68ab000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f42a68ab000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(_dl_map_object_from_fd+0x76a) [0x65fa]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x189) [0x8669]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(0x7f42a68b1000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)       = 0x7f42a68b1000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(_dl_map_object_from_fd+0xbf9) [0x6a89]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x189) [0x8669]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
close(3)                                                                                            = 0
 > /usr/lib64/ld-2.17.so(__libc_close+0x7) [0x19787]
 > /usr/lib64/ld-2.17.so(_dl_map_object_from_fd+0x9bb) [0x684b]
 > /usr/lib64/ld-2.17.so(_dl_map_object+0x189) [0x8669]
 > /usr/lib64/ld-2.17.so(openaux+0x31) [0xcc61]
 > /usr/lib64/ld-2.17.so(_dl_catch_error+0x63) [0xf7d3]
 > /usr/lib64/ld-2.17.so(_dl_map_object_deps+0x34c) [0xd46c]
 > /usr/lib64/ld-2.17.so(dl_main+0x1792) [0x3692]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7f42a6ac9000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(__libc_memalign+0x83) [0x185f3]
 > /usr/lib64/ld-2.17.so(init_tls+0x34) [0xe6b]
 > /usr/lib64/ld-2.17.so(dl_main+0x1cd1) [0x3bd1]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7f42a6ac7000
 > /usr/lib64/ld-2.17.so(__mmap+0x3a) [0x197da]
 > /usr/lib64/ld-2.17.so(__libc_memalign+0x83) [0x185f3]
 > /usr/lib64/ld-2.17.so(_dl_allocate_tls_storage+0x19) [0x12429]
 > /usr/lib64/ld-2.17.so(init_tls+0x80) [0xeb7]
 > /usr/lib64/ld-2.17.so(dl_main+0x1cd1) [0x3bd1]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
arch_prctl(ARCH_SET_FS, 0x7f42a6ac7740)                                                             = 0
 > /usr/lib64/ld-2.17.so(init_tls+0xc6) [0xefd]
 > /usr/lib64/ld-2.17.so(dl_main+0x1cd1) [0x3bd1]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mprotect(0x7f42a68ab000, 16384, PROT_READ)                                                          = 0
 > /usr/lib64/ld-2.17.so(__mprotect+0x7) [0x19877]
 > /usr/lib64/ld-2.17.so(_dl_relocate_object+0x98e) [0xc0de]
 > /usr/lib64/ld-2.17.so(dl_main+0x2a99) [0x4999]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mprotect(0x600000, 4096, PROT_READ)                                                                 = 0
 > /usr/lib64/ld-2.17.so(__mprotect+0x7) [0x19877]
 > /usr/lib64/ld-2.17.so(_dl_relocate_object+0x98e) [0xc0de]
 > /usr/lib64/ld-2.17.so(dl_main+0x2a99) [0x4999]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
mprotect(0x7f42a6ad7000, 4096, PROT_READ)                                                           = 0
 > /usr/lib64/ld-2.17.so(__mprotect+0x7) [0x19877]
 > /usr/lib64/ld-2.17.so(_dl_relocate_object+0x98e) [0xc0de]
 > /usr/lib64/ld-2.17.so(dl_main+0x24d9) [0x43d9]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
munmap(0x7f42a6aca000, 49090)                                                                       = 0
 > /usr/lib64/ld-2.17.so(munmap+0x7) [0x19857]
 > /usr/lib64/ld-2.17.so(_dl_unload_cache+0x27) [0x171c7]
 > /usr/lib64/ld-2.17.so(dl_main+0x1f8e) [0x3e8e]
 > /usr/lib64/ld-2.17.so(_dl_sysdep_start+0x1bd) [0x1800d]
 > /usr/lib64/ld-2.17.so(_dl_start+0x380) [0x1bd0]
 > /usr/lib64/ld-2.17.so(_start+0x7) [0x1147]
 > No DWARF information found
brk(NULL)                                                                                           = 0x8de000
 > /usr/lib64/libc-2.17.so(brk+0xc) [0xf527c]
 > /usr/lib64/libc-2.17.so(__sbrk+0x4e) [0xf532e]
 > /usr/lib64/libc-2.17.so(__default_morecore+0x8) [0x88ed8]
 > /usr/lib64/libc-2.17.so(sysmalloc+0x452) [0x81bf2]
 > /usr/lib64/libc-2.17.so(_int_malloc+0x9d9) [0x82959]
 > /usr/lib64/libc-2.17.so(malloc+0x4b) [0x8578b]
 > /root/test/demo_6(main+0x18) [0x400545]
 > /usr/lib64/libc-2.17.so(__libc_start_main+0xf4) [0x22554]
 > /root/test/demo_6(_start+0x28) [0x400468]
brk(0x8ff000)                                                                                       = 0x8ff000
 > /usr/lib64/libc-2.17.so(brk+0xc) [0xf527c]
 > /usr/lib64/libc-2.17.so(__sbrk+0x35) [0xf5315]
 > /usr/lib64/libc-2.17.so(__default_morecore+0x8) [0x88ed8]
 > /usr/lib64/libc-2.17.so(sysmalloc+0x452) [0x81bf2]
 > /usr/lib64/libc-2.17.so(_int_malloc+0x9d9) [0x82959]
 > /usr/lib64/libc-2.17.so(malloc+0x4b) [0x8578b]
 > /root/test/demo_6(main+0x18) [0x400545]
 > /usr/lib64/libc-2.17.so(__libc_start_main+0xf4) [0x22554]
 > /root/test/demo_6(_start+0x28) [0x400468]
brk(NULL)                                                                                           = 0x8ff000
 > /usr/lib64/libc-2.17.so(brk+0xc) [0xf527c]
 > /usr/lib64/libc-2.17.so(__sbrk+0x4e) [0xf532e]
 > /usr/lib64/libc-2.17.so(__default_morecore+0x8) [0x88ed8]
 > /usr/lib64/libc-2.17.so(sysmalloc+0x543) [0x81ce3]
 > /usr/lib64/libc-2.17.so(_int_malloc+0x9d9) [0x82959]
 > /usr/lib64/libc-2.17.so(malloc+0x4b) [0x8578b]
 > /root/test/demo_6(main+0x18) [0x400545]
 > /usr/lib64/libc-2.17.so(__libc_start_main+0xf4) [0x22554]
 > /root/test/demo_6(_start+0x28) [0x400468]
exit_group(0)                                                                                       = ?
+++ exited with 0 +++
 > /usr/lib64/libc-2.17.so(_exit+0x39) [0xc5c99]
 > /usr/lib64/libc-2.17.so(__run_exit_handlers+0x9a) [0x39cfa]
 > /usr/lib64/libc-2.17.so(exit+0x16) [0x39d86]
 > /usr/lib64/libc-2.17.so(__libc_start_main+0xfb) [0x2255b]
 > /root/test/demo_6(_start+0x28) [0x400468]

Option o

Saves strace's output log to a file.

[root@centOS:~/test 10:28 $]strace -o strace.log ./demo_6
[root@centOS:~/test 10:29 $]ls
demo_6  demo.c  strace.log
[root@centOS:~/test 10:29 $]cat strace.log
execve("./demo_6", ["./demo_6"], 0x7fff7ac5f560 /* 25 vars */) = 0
brk(NULL)                               = 0x154d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc77ce6b000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc77ce5f000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc77c87d000
mprotect(0x7fc77ca41000, 2093056, PROT_NONE) = 0
mmap(0x7fc77cc40000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fc77cc40000
mmap(0x7fc77cc46000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc77cc46000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc77ce5e000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc77ce5c000
arch_prctl(ARCH_SET_FS, 0x7fc77ce5c740) = 0
mprotect(0x7fc77cc40000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ)     = 0
mprotect(0x7fc77ce6c000, 4096, PROT_READ) = 0
munmap(0x7fc77ce5f000, 49090)           = 0
brk(NULL)                               = 0x154d000
brk(0x156e000)                          = 0x156e000
brk(NULL)                               = 0x156e000
exit_group(0)                           = ?
+++ exited with 0 +++
[root@centOS:~/test 10:29 $]
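
A log saved with -o can be post-processed. The following is an added example, not code from the original post: a Python parser for the line formats shown on this page (plain lines, the -i, -r, -t and -tt prefixes, and -k stack frames) that lists opened files, failed calls, and any mapping requested writable and executable at once. The sample lines are taken from the output on this page, except the PROT_WRITE|PROT_EXEC mmap line, which is constructed; all function names are this example's own.

```python
import re

# One syscall line. Every prefix is optional, so the same pattern accepts
# plain output as well as output produced with -t/-tt, -r or -i.
CALL_RE = re.compile(r'''
    ^\s*
    (?:(?P<clock>\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+)?   # -t / -tt
    (?:(?P<rel>\d+\.\d+)\s+)?                        # -r
    (?:\[\s*(?P<ip>[0-9a-f?]+)\]\s+)?                # -i
    (?P<name>\w+)\((?P<args>.*)\)\s+=\s+
    (?P<ret>0x[0-9a-f]+|-?\d+|\?)
    (?:\s+(?P<errno>E[A-Z0-9]+)\s+\((?P<msg>[^)]*)\))?
    \s*$
''', re.X)

# One -k stack frame: " > /path/to/object(symbol+0xoff) [0xaddr]"
FRAME_RE = re.compile(
    r'^\s*>\s+(?P<obj>\S+)\((?P<sym>[^()+]+)\+0x[0-9a-f]+\)\s+\[0x[0-9a-f]+\]')


def parse_trace(text):
    """Return one dict per syscall line; -k frames are attached as 'stack'."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["stack"] = []
            calls.append(rec)
            continue
        f = FRAME_RE.match(line)
        if f and calls:          # "+++ exited" and "No DWARF" lines are skipped
            calls[-1]["stack"].append((f["obj"], f["sym"]))
    return calls


def opened_paths(calls):
    """Paths that were opened successfully, in trace order."""
    paths = []
    for c in calls:
        if c["name"] in ("open", "openat") and c["errno"] is None:
            m = re.search(r'"((?:[^"\\]|\\.)*)"', c["args"])
            if m:
                paths.append(m.group(1))
    return paths


def failed_calls(calls):
    """(syscall, errno) for every call that returned an error."""
    return [(c["name"], c["errno"]) for c in calls if c["errno"]]


def wx_mappings(calls):
    """mmap/mprotect calls that ask for PROT_WRITE and PROT_EXEC together."""
    hits = []
    for c in calls:
        if c["name"] in ("mmap", "mprotect"):
            prot = re.search(r'PROT_[A-Z_|]+', c["args"])
            flags = set(prot.group(0).split("|")) if prot else set()
            if {"PROT_WRITE", "PROT_EXEC"} <= flags:
                hits.append(c)
    return hits


def calls_from(calls, obj):
    """Names of syscalls whose -k stack contains a frame from object `obj`."""
    return [c["name"] for c in calls if any(o == obj for o, _ in c["stack"])]


# Sample assembled from the output shown on this page. The second mmap line
# (PROT_READ|PROT_WRITE|PROT_EXEC) is constructed to exercise wx_mappings().
SAMPLE = r'''
execve("./demo_6", ["./demo_6"], 0x7fff7ac5f560 /* 25 vars */) = 0
[00007fc6420756d7] access("/etc/ld.so.preload", R_OK)     = -1 ENOENT (No such file or directory)
10:48:55 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
10:49:00.747617 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
     0.000161 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc77c87d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0000000000
brk(0x8ff000)                           = 0x8ff000
 > /usr/lib64/libc-2.17.so(brk+0xc) [0xf527c]
 > /usr/lib64/libc-2.17.so(malloc+0x4b) [0x8578b]
 > /root/test/demo_6(main+0x18) [0x400545]
exit_group(0)                           = ?
+++ exited with 0 +++
'''

if __name__ == "__main__":
    trace = parse_trace(SAMPLE)
    print("opened:", opened_paths(trace))
    print("failed:", failed_calls(trace))
    print("W+X   :", [(c["name"], c["ret"]) for c in wx_mappings(trace)])
    print("from demo_6:", calls_from(trace, "/root/test/demo_6"))
```

To run it on a real log, pass the contents of the file written by -o (for example strace.log above) to parse_trace() instead of SAMPLE.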

Option r

Shows the relative time elapsed between two consecutive system calls.

[root@centOS:~/test 10:40 $]strace -r ./demo_6
     0.000000 execve("./demo_6", ["./demo_6"], 0x7ffc5af61d38 /* 25 vars */) = 0
     0.000516 brk(NULL)                 = 0x25ea000
     0.000254 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb0c4d9000
     0.000241 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
     0.000257 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
     0.000220 fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
     0.000237 mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fdb0c4cd000
     0.000111 close(3)                  = 0
     0.000147 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
     0.000161 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
     0.000183 fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
     0.000072 mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fdb0beeb000
     0.000059 mprotect(0x7fdb0c0af000, 2093056, PROT_NONE) = 0
     0.000038 mmap(0x7fdb0c2ae000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fdb0c2ae000
     0.000188 mmap(0x7fdb0c2b4000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fdb0c2b4000
     0.000192 close(3)                  = 0
     0.000176 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb0c4cc000
     0.000189 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdb0c4ca000
     0.000087 arch_prctl(ARCH_SET_FS, 0x7fdb0c4ca740) = 0
     0.000239 mprotect(0x7fdb0c2ae000, 16384, PROT_READ) = 0
     0.000185 mprotect(0x600000, 4096, PROT_READ) = 0
     0.000105 mprotect(0x7fdb0c4da000, 4096, PROT_READ) = 0
     0.000128 munmap(0x7fdb0c4cd000, 49090) = 0
     0.000176 brk(NULL)                 = 0x25ea000
     0.000091 brk(0x260b000)            = 0x260b000
     0.000090 brk(NULL)                 = 0x260b000
     0.000196 exit_group(0)             = ?
     0.000224 +++ exited with 0 +++

Option s

Limits the displayed length of string arguments in system calls,
for example write and read.

[root@centOS:~/test 10:45 $]strace -s 5  ./demo_6
execve("./demo_6", ["./dem"...], 0x7ffca4aae480 /* 25 vars */) = 0
brk(NULL)                               = 0x1e6c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc55ebae000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc55eba2000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2"..., 832)            = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc55e5c0000
mprotect(0x7fc55e784000, 2093056, PROT_NONE) = 0
mmap(0x7fc55e983000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fc55e983000
mmap(0x7fc55e989000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc55e989000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc55eba1000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc55eb9f000
arch_prctl(ARCH_SET_FS, 0x7fc55eb9f740) = 0
mprotect(0x7fc55e983000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ)     = 0
mprotect(0x7fc55ebaf000, 4096, PROT_READ) = 0
munmap(0x7fc55eba2000, 49090)           = 0
brk(NULL)                               = 0x1e6c000
brk(0x1e8d000)                          = 0x1e8d000
brk(NULL)                               = 0x1e8d000
exit_group(0)                           = ?
+++ exited with 0 +++

Option t

Shows the system time at which each system call was executed, in the format hours:minutes:seconds.

[root@centOS:~/test 10:45 $]strace -t  ./demo_6
10:48:55 execve("./demo_6", ["./demo_6"], 0x7ffdb7e45fc8 /* 25 vars */) = 0
10:48:55 brk(NULL)                      = 0x1aae000
10:48:55 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efe743ef000
10:48:55 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
10:48:55 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
10:48:55 fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
10:48:55 mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7efe743e3000
10:48:55 close(3)                       = 0
10:48:55 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
10:48:55 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
10:48:55 fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
10:48:55 mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7efe73e01000
10:48:55 mprotect(0x7efe73fc5000, 2093056, PROT_NONE) = 0
10:48:55 mmap(0x7efe741c4000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7efe741c4000
10:48:55 mmap(0x7efe741ca000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7efe741ca000
10:48:55 close(3)                       = 0
10:48:55 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efe743e2000
10:48:55 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7efe743e0000
10:48:55 arch_prctl(ARCH_SET_FS, 0x7efe743e0740) = 0
10:48:55 mprotect(0x7efe741c4000, 16384, PROT_READ) = 0
10:48:55 mprotect(0x600000, 4096, PROT_READ) = 0
10:48:55 mprotect(0x7efe743f0000, 4096, PROT_READ) = 0
10:48:55 munmap(0x7efe743e3000, 49090)  = 0
10:48:55 brk(NULL)                      = 0x1aae000
10:48:55 brk(0x1acf000)                 = 0x1acf000
10:48:55 brk(NULL)                      = 0x1acf000
10:48:55 exit_group(0)                  = ?
10:48:55 +++ exited with 0 +++

Option tt

Shows a more detailed system time for each system call, in the format hours:minutes:seconds.milliseconds

[root@centOS:~/test 10:48 $]strace -tt ./demo_6
10:49:00.745644 execve("./demo_6", ["./demo_6"], 0x7fff0ec11388 /* 25 vars */) = 0
10:49:00.746103 brk(NULL)               = 0x2058000
10:49:00.746238 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafda979000
10:49:00.746370 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
10:49:00.746679 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
10:49:00.746917 fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
10:49:00.747196 mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fafda96d000
10:49:00.747423 close(3)                = 0
10:49:00.747617 open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
10:49:00.747803 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
10:49:00.747930 fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
10:49:00.748120 mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fafda38b000
10:49:00.748312 mprotect(0x7fafda54f000, 2093056, PROT_NONE) = 0
10:49:00.748537 mmap(0x7fafda74e000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fafda74e000
10:49:00.748736 mmap(0x7fafda754000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fafda754000
10:49:00.748925 close(3)                = 0
10:49:00.749071 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafda96c000
10:49:00.749260 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fafda96a000
10:49:00.749416 arch_prctl(ARCH_SET_FS, 0x7fafda96a740) = 0
10:49:00.749675 mprotect(0x7fafda74e000, 16384, PROT_READ) = 0
10:49:00.749856 mprotect(0x600000, 4096, PROT_READ) = 0
10:49:00.750038 mprotect(0x7fafda97a000, 4096, PROT_READ) = 0
10:49:00.750210 munmap(0x7fafda96d000, 49090) = 0
10:49:00.750448 brk(NULL)               = 0x2058000
10:49:00.750638 brk(0x2079000)          = 0x2079000
10:49:00.750809 brk(NULL)               = 0x2079000
10:49:00.750997 exit_group(0)           = ?
10:49:00.751154 +++ exited with 0 +++

Option T

Shows the time spent in each system call

[root@centOS:~/test 10:53 $]strace -a 100  -T ./demo_6
execve("./demo_6", ["./demo_6"], 0x7ffcbe6da2c8 /* 25 vars */)                                      = 0 <0.000324>
brk(NULL)                                                                                           = 0x1ac5000 <0.000019>
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7fa496136000 <0.000025>
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory) <0.000088>
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                        = 3 <0.000083>
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...})                                                = 0 <0.000022>
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0)                                                     = 0x7fa49612a000 <0.000043>
close(3)                                                                                            = 0 <0.000076>
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                        = 3 <0.000018>
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832)                     = 832 <0.000008>
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...})                                              = 0 <0.000010>
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)                           = 0x7fa495b48000 <0.000013>
mprotect(0x7fa495d0c000, 2093056, PROT_NONE)                                                        = 0 <0.000012>
mmap(0x7fa495f0b000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fa495f0b000 <0.000014>
mmap(0x7fa495f11000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)       = 0x7fa495f11000 <0.000010>
close(3)                                                                                            = 0 <0.000012>
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7fa496129000 <0.000008>
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7fa496127000 <0.000010>
arch_prctl(ARCH_SET_FS, 0x7fa496127740)                                                             = 0 <0.000025>
mprotect(0x7fa495f0b000, 16384, PROT_READ)                                                          = 0 <0.000035>
mprotect(0x600000, 4096, PROT_READ)                                                                 = 0 <0.000091>
mprotect(0x7fa496137000, 4096, PROT_READ)                                                           = 0 <0.000016>
munmap(0x7fa49612a000, 49090)                                                                       = 0 <0.000096>
brk(NULL)                                                                                           = 0x1ac5000 <0.000085>
brk(0x1ae6000)                                                                                      = 0x1ae6000 <0.000086>
brk(NULL)                                                                                           = 0x1ae6000 <0.000013>
exit_group(0)                                                                                       = ?
+++ exited with 0 +++
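
The `<seconds>` suffix that -T appends can be aggregated per syscall to see where the wall-clock time went. The script below is an added example, not part of the original post: `LINE_RE` and `summarize` are names chosen here, and the sample is an excerpt of the output above with the column padding shortened.

```python
import re
from collections import defaultdict

# Excerpt of the `strace -a 100 -T ./demo_6` output above (padding shortened).
SAMPLE = r'''
execve("./demo_6", ["./demo_6"], 0x7ffcbe6da2c8 /* 25 vars */)  = 0 <0.000324>
brk(NULL)                                     = 0x1ac5000 <0.000019>
access("/etc/ld.so.preload", R_OK)            = -1 ENOENT (No such file or directory) <0.000088>
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)  = 3 <0.000083>
close(3)                                      = 0 <0.000076>
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)  = 3 <0.000018>
close(3)                                      = 0 <0.000012>
brk(NULL)                                     = 0x1ac5000 <0.000085>
brk(0x1ae6000)                                = 0x1ae6000 <0.000086>
exit_group(0)                                 = ?
+++ exited with 0 +++
'''

LINE_RE = re.compile(
    r"^(?:[\d:.]+\s+)?"                         # optional -t / -tt timestamp
    r"(?P<name>\w+)\(.*\)\s+=\s+"               # syscall name and argument list
    r"(?P<ret>-?\w+|\?)"                        # return value, "?" if none was seen
    r"(?:\s+(?P<errno>E[A-Z0-9]+)\s+\(.*?\))?"  # errno name and message on failure
    r"(?:\s+<(?P<dur>\d+\.\d+)>)?\s*$"          # -T duration in seconds
)


def summarize(trace):
    """Return [(syscall, calls, errors, total_usecs)], slowest syscall first."""
    stats = defaultdict(lambda: [0, 0, 0])  # calls, errors, microseconds
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "+++ exited ...", signal lines, blank lines
        entry = stats[m["name"]]
        entry[0] += 1
        if m["errno"]:
            entry[1] += 1
        if m["dur"]:  # exit_group never returns, so it carries no duration
            entry[2] += round(float(m["dur"]) * 1_000_000)
    rows = [(name, c, e, us) for name, (c, e, us) in stats.items()]
    # Ties on time are broken by name so the order is stable.
    return sorted(rows, key=lambda r: (-r[3], r[0]))


if __name__ == "__main__":
    for name, calls, errors, usecs in summarize(SAMPLE):
        print(f"{name:<12} calls={calls} errors={errors} usecs={usecs}")
```

These totals are elapsed time per call, so they will not match the `-c` table, which by default reports system time (see `-w` in the help text).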

Option x

Prints non-ASCII strings in hexadecimal

[root@centOS:~/test 10:54 $]strace -x ./demo_6
execve("./demo_6", ["./demo_6"], 0x7ffd7c942888 /* 25 vars */) = 0
brk(NULL)                               = 0x1ce1000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc818ed1000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fc818ec5000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\x7f\x45\x4c\x46\x02\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x3e\x00\x01\x00\x00\x00\x60\x26\x02\x00\x00\x00\x00\x00"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fc8188e3000
mprotect(0x7fc818aa7000, 2093056, PROT_NONE) = 0
mmap(0x7fc818ca6000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fc818ca6000
mmap(0x7fc818cac000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fc818cac000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc818ec4000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc818ec2000
arch_prctl(ARCH_SET_FS, 0x7fc818ec2740) = 0
mprotect(0x7fc818ca6000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ)     = 0
mprotect(0x7fc818ed2000, 4096, PROT_READ) = 0
munmap(0x7fc818ec5000, 49090)           = 0
brk(NULL)                               = 0x1ce1000
brk(0x1d02000)                          = 0x1d02000
brk(NULL)                               = 0x1d02000
exit_group(0)                           = ?
+++ exited with 0 +++

Option xx

Prints all strings in hexadecimal

[root@centOS:~/test 10:55 $]strace -xx ./demo_6
execve("\x2e\x2f\x64\x65\x6d\x6f\x5f\x36", ["\x2e\x2f\x64\x65\x6d\x6f\x5f\x36"], 0x7ffeaa6bfda8 /* 25 vars */) = 0
brk(NULL)                               = 0xa1e000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd26c98a000
access("\x2f\x65\x74\x63\x2f\x6c\x64\x2e\x73\x6f\x2e\x70\x72\x65\x6c\x6f\x61\x64", R_OK) = -1 ENOENT (No such file or directory)
open("\x2f\x65\x74\x63\x2f\x6c\x64\x2e\x73\x6f\x2e\x63\x61\x63\x68\x65", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...}) = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fd26c97e000
close(3)                                = 0
open("\x2f\x6c\x69\x62\x36\x34\x2f\x6c\x69\x62\x63\x2e\x73\x6f\x2e\x36", O_RDONLY|O_CLOEXEC) = 3
read(3, "\x7f\x45\x4c\x46\x02\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x3e\x00\x01\x00\x00\x00\x60\x26\x02\x00\x00\x00\x00\x00"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...}) = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd26c39c000
mprotect(0x7fd26c560000, 2093056, PROT_NONE) = 0
mmap(0x7fd26c75f000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7fd26c75f000
mmap(0x7fd26c765000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fd26c765000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd26c97d000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd26c97b000
arch_prctl(ARCH_SET_FS, 0x7fd26c97b740) = 0
mprotect(0x7fd26c75f000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ)     = 0
mprotect(0x7fd26c98b000, 4096, PROT_READ) = 0
munmap(0x7fd26c97e000, 49090)           = 0
brk(NULL)                               = 0xa1e000
brk(0xa3f000)                           = 0xa3f000
brk(NULL)                               = 0xa3f000
exit_group(0)                           = ?
+++ exited with 0 +++

Option y

Shows the absolute path associated with each file descriptor argument

[root@centOS:~/test 10:58 $]strace -a 100 -y ./demo_6
execve("./demo_6", ["./demo_6"], 0x7ffc067ffb38 /* 25 vars */)                                      = 0
brk(NULL)                                                                                           = 0x79d000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7ff69f1fb000
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                        = 3</etc/ld.so.cache>
fstat(3</etc/ld.so.cache>, {st_mode=S_IFREG|0644, st_size=49090, ...})                              = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3</etc/ld.so.cache>, 0)                                   = 0x7ff69f1ef000
close(3</etc/ld.so.cache>)                                                                          = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                        = 3</usr/lib64/libc-2.17.so>
read(3</usr/lib64/libc-2.17.so>, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
fstat(3</usr/lib64/libc-2.17.so>, {st_mode=S_IFREG|0755, st_size=2156344, ...})                     = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3</usr/lib64/libc-2.17.so>, 0)  = 0x7ff69ec0d000
mprotect(0x7ff69edd1000, 2093056, PROT_NONE)                                                        = 0
mmap(0x7ff69efd0000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3</usr/lib64/libc-2.17.so>, 0x1c3000) = 0x7ff69efd0000
mmap(0x7ff69efd6000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)       = 0x7ff69efd6000
close(3</usr/lib64/libc-2.17.so>)                                                                   = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7ff69f1ee000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7ff69f1ec000
arch_prctl(ARCH_SET_FS, 0x7ff69f1ec740)                                                             = 0
mprotect(0x7ff69efd0000, 16384, PROT_READ)                                                          = 0
mprotect(0x600000, 4096, PROT_READ)                                                                 = 0
mprotect(0x7ff69f1fc000, 4096, PROT_READ)                                                           = 0
munmap(0x7ff69f1ef000, 49090)                                                                       = 0
brk(NULL)                                                                                           = 0x79d000
brk(0x7be000)                                                                                       = 0x7be000
brk(NULL)                                                                                           = 0x7be000
exit_group(0)                                                                                       = ?
+++ exited with 0 +++

Option yy

Shows the specific protocol used by socket-related system calls,
for example socket

[root@centOS:~/test 11:02 $]strace -yy -a 100 ./demo_7
execve("./demo_7", ["./demo_7"], 0x7ffc7b858108 /* 25 vars */)                                      = 0
brk(NULL)                                                                                           = 0x17e5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7ff5f857f000
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                        = 3</etc/ld.so.cache>
fstat(3</etc/ld.so.cache>, {st_mode=S_IFREG|0644, st_size=49090, ...})                              = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3</etc/ld.so.cache>, 0)                                   = 0x7ff5f8573000
close(3</etc/ld.so.cache>)                                                                          = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                        = 3</usr/lib64/libc-2.17.so>
read(3</usr/lib64/libc-2.17.so>, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832) = 832
fstat(3</usr/lib64/libc-2.17.so>, {st_mode=S_IFREG|0755, st_size=2156344, ...})                     = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3</usr/lib64/libc-2.17.so>, 0)  = 0x7ff5f7f91000
mprotect(0x7ff5f8155000, 2093056, PROT_NONE)                                                        = 0
mmap(0x7ff5f8354000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3</usr/lib64/libc-2.17.so>, 0x1c3000) = 0x7ff5f8354000
mmap(0x7ff5f835a000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)       = 0x7ff5f835a000
close(3</usr/lib64/libc-2.17.so>)                                                                   = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7ff5f8572000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7ff5f8570000
arch_prctl(ARCH_SET_FS, 0x7ff5f8570740)                                                             = 0
mprotect(0x7ff5f8354000, 16384, PROT_READ)                                                          = 0
mprotect(0x601000, 4096, PROT_READ)                                                                 = 0
mprotect(0x7ff5f8580000, 4096, PROT_READ)                                                           = 0
munmap(0x7ff5f8573000, 49090)                                                                       = 0
socket(AF_INET, SOCK_STREAM, IPPROTO_IP)                                                            = 3<TCP:[55598]>
bind(3<TCP:[55598]>, {sa_family=AF_INET, sin_port=htons(12345), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3<TCP:[55598]>, 5)                                                                           = 0
accept(3<TCP:[0.0.0.0:12345]>, ^Cstrace: Process 18208 detached
 <detached ...>

Option c

Collects statistics on the execution results
Output format:

[root@centOS:~/test 11:17 $]strace -c -a 100 ./demo_6
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 44.39    0.000087          21         4           mprotect
 42.86    0.000084          21         4           brk
 12.76    0.000025          25         1           munmap
  0.00    0.000000           0         1           read
  0.00    0.000000           0         2           open
  0.00    0.000000           0         2           close
  0.00    0.000000           0         2           fstat
  0.00    0.000000           0         7           mmap
  0.00    0.000000           0         1         1 access
  0.00    0.000000           0         1           execve
  0.00    0.000000           0         1           arch_prctl
------ ----------- ----------- --------- --------- ----------------
100.00    0.000196                    26         1 total

Option C

Regular output plus the statistics

[root@centOS:~/test 11:22 $]strace -C -a 100 ./demo_6
execve("./demo_6", ["./demo_6"], 0x7fff17abcca8 /* 25 vars */)                                      = 0
brk(NULL)                                                                                           = 0x18d7000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7f738bbfc000
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                        = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=49090, ...})                                                = 0
mmap(NULL, 49090, PROT_READ, MAP_PRIVATE, 3, 0)                                                     = 0x7f738bbf0000
close(3)                                                                                            = 0
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                        = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`&\2\0\0\0\0\0"..., 832)                     = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=2156344, ...})                                              = 0
mmap(NULL, 3985920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0)                           = 0x7f738b60e000
mprotect(0x7f738b7d2000, 2093056, PROT_NONE)                                                        = 0
mmap(0x7f738b9d1000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1c3000) = 0x7f738b9d1000
mmap(0x7f738b9d7000, 16896, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0)       = 0x7f738b9d7000
close(3)                                                                                            = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7f738bbef000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)                            = 0x7f738bbed000
arch_prctl(ARCH_SET_FS, 0x7f738bbed740)                                                             = 0
mprotect(0x7f738b9d1000, 16384, PROT_READ)                                                          = 0
mprotect(0x600000, 4096, PROT_READ)                                                                 = 0
mprotect(0x7f738bbfd000, 4096, PROT_READ)                                                           = 0
munmap(0x7f738bbf0000, 49090)                                                                       = 0
brk(NULL)                                                                                           = 0x18d7000
brk(0x18f8000)                                                                                      = 0x18f8000
brk(NULL)                                                                                           = 0x18f8000
exit_group(0)                                                                                       = ?
+++ exited with 0 +++
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 30.68    0.000112          16         7           mmap
 26.03    0.000095          23         4           mprotect
 13.97    0.000051          12         4           brk
  7.40    0.000027          27         1           munmap
  5.75    0.000021          10         2           open
  5.21    0.000019          19         1           arch_prctl
  4.93    0.000018           9         2           close
  4.66    0.000017          17         1           read
  1.37    0.000005           2         2           fstat
  0.00    0.000000           0         1         1 access
  0.00    0.000000           0         1           execve
------ ----------- ----------- --------- --------- ----------------
100.00    0.000365                    26         1 total

Option S

Used together with option c to sort option c's results. Columns that can be sorted on: time, calls, name, nothing; the default is time

[root@centOS:~/test 11:33 $]strace -c -S name  -a 100 ./demo_6
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
  5.30    0.000035          35         1         1 access
  3.33    0.000022          22         1           arch_prctl
 15.28    0.000101          25         4           brk
  6.20    0.000041          20         2           close
  0.00    0.000000           0         1           execve
  8.17    0.000054          27         2           fstat
 28.44    0.000188          26         7           mmap
 16.19    0.000107          26         4           mprotect
  5.45    0.000036          36         1           munmap
  8.17    0.000054          27         2           open
  3.48    0.000023          23         1           read

Option e

Filter expression

1. Show only which files a process accessed

[root@centOS:~/test 11:42 $]strace -e trace=file -a 100 ./demo_6
execve("./demo_6", ["./demo_6"], 0x7ffd1b2232e0 /* 25 vars */)                                      = 0
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC)                                                        = 3
open("/lib64/libc.so.6", O_RDONLY|O_CLOEXEC)                                                        = 3
+++ exited with 0 +++

2. Trace only one specific system call

strace -e trace=[syscall name] -a 100 ./demo_6

3. Trace only system calls related to process control

strace -e trace=process -a 100 ./demo_6

4. Trace all network-related system calls


[root@centOS:~/test 11:49 $]strace -e trace=network -a 100 ./demo_7
socket(AF_INET, SOCK_STREAM, IPPROTO_IP)                                                            = 3
bind(3, {sa_family=AF_INET, sin_port=htons(12345), sin_addr=inet_addr("0.0.0.0")}, 16)              = 0
listen(3, 5)                                                                                        = 0
accept(3, ^C0x7ffc35a29df0, [16])                                                                     = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
strace: Process 27270 detached

5. Show the arguments of system calls in full

strace -e abbrev=none -a 100 ./demo_6
strace -v  -a 100 ./demo_6

6. Show all arguments of the specified system call in address form

strace -e raw=open  -a 100 ./demo_6

7. Show the data read from or written to a given file descriptor

strace -e read=3  -a 100 ./demo_6
strace -e write=3  -a 100 ./demo_
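
The `-e trace=network` and `-yy` output of demo_7 above is enough to establish which address and port a program ends up listening on. The script below is an added example, not part of the original post: `find_listeners` is a helper name chosen here that follows socket/bind/listen per file descriptor in either output form and marks wildcard binds. It covers AF_INET only and expects lines without a timestamp prefix; the 127.0.0.1 sample is constructed.

```python
import ipaddress
import re

# From the `strace -yy` run of demo_7 above (padding shortened).
SAMPLE_YY = r'''
socket(AF_INET, SOCK_STREAM, IPPROTO_IP)  = 3<TCP:[55598]>
bind(3<TCP:[55598]>, {sa_family=AF_INET, sin_port=htons(12345), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3<TCP:[55598]>, 5)                 = 0
'''

# From the `strace -e trace=network` run of demo_7 above (padding shortened).
SAMPLE_PLAIN = r'''
socket(AF_INET, SOCK_STREAM, IPPROTO_IP)  = 3
bind(3, {sa_family=AF_INET, sin_port=htons(12345), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
listen(3, 5)                              = 0
'''

# Constructed sample: a service bound to loopback only.
SAMPLE_LOOPBACK = r'''
socket(AF_INET, SOCK_STREAM, IPPROTO_IP)  = 4
bind(4, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
listen(4, 128)                            = 0
'''

FD = r"(?P<fd>\d+)(?:<.*?>)?"  # fd number, optionally with the -y/-yy annotation
SOCKET_RE = re.compile(r"^socket\(AF_INET, (?P<type>SOCK_\w+)[^)]*\)\s+=\s+" + FD)
BIND_RE = re.compile(
    r"^bind\(" + FD + r", \{sa_family=AF_INET, sin_port=htons\((?P<port>\d+)\), "
    r'sin_addr=inet_addr\("(?P<addr>[^"]+)"\)\}, \d+\)\s+=\s+0\s*$'
)
LISTEN_RE = re.compile(r"^listen\(" + FD + r", \d+\)\s+=\s+0\s*$")
CLOSE_RE = re.compile(r"^close\(" + FD + r"\)\s+=\s+0\s*$")


def find_listeners(trace):
    """Return one dict per successful listen() on a bound AF_INET socket."""
    sockets = {}    # fd -> state collected so far
    listeners = []
    for line in trace.splitlines():
        if m := SOCKET_RE.match(line):
            # A failed socket() returns -1, which the fd pattern does not match.
            sockets[m["fd"]] = {"fd": int(m["fd"]), "type": m["type"],
                                "addr": None, "port": None}
        elif m := BIND_RE.match(line):  # only binds that returned 0
            if (s := sockets.get(m["fd"])) is not None:
                s["addr"], s["port"] = m["addr"], int(m["port"])
        elif m := LISTEN_RE.match(line):
            s = sockets.get(m["fd"])
            if s and s["addr"]:  # skip sockets that were never bound in the trace
                wildcard = ipaddress.ip_address(s["addr"]).is_unspecified
                listeners.append({**s, "wildcard": wildcard})
        elif m := CLOSE_RE.match(line):
            sockets.pop(m["fd"], None)  # fd numbers are reused after close()
    return listeners


if __name__ == "__main__":
    for sample in (SAMPLE_YY, SAMPLE_PLAIN, SAMPLE_LOOPBACK):
        for l in find_listeners(sample):
            scope = "ALL INTERFACES" if l["wildcard"] else "restricted"
            print(f'fd {l["fd"]} {l["type"]} {l["addr"]}:{l["port"]} ({scope})')
```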

Option P

Shows only the system calls that access a given path

[root@centOS:~/test 12:06 $]strace -P /etc/ld.so.preload  -a 100 ./demo_6
access("/etc/ld.so.preload", R_OK)                                                                  = -1 ENOENT (No such file or directory)
+++ exited with 0 +++

Option E

Add an environment variable when running the program

strace -E LD_PRELOAD=./hack.so -a 100 ./demo_6

Remove an environment variable

strace -E LD_PRELOAD -a 100 ./demo_6

Option p

Trace a specific pid

Option u

Run the traced command with the UID and GID of the specified name

strace -a 100 -u root ./demo_6
