Wednesday, 20 May 2015


strace is a useful diagnostic, instructional, and debugging tool.

strace monitors the system calls and signals of a specific program. It is helpful when you do not have the source code and would like to debug the execution of a program. strace shows you the execution sequence of a binary from start to end.

strace shows you how data is passed between the program and the kernel. With no options, strace prints a line for each system call. It shows the call name, given arguments, return value, and any generated error messages. A signal is printed with both its signal symbol and a descriptive string. As it shows the data transfer between user and kernel-space, strace is very useful as both a diagnostic utility for system administrators and a debugging tool for programmers. By default, the output is written to standard error.

Trace the Execution of an Executable
strace ls

Trace Specific System Calls in an Executable Using Option -e
strace -e open ls

Save the Trace Execution to a File Using Option -o
strace -o output.txt ls

Execute Strace on a Running Linux Process Using Option -p
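ps -C firefox-bin     # find the PID of the running process
strace -p <PID>       # attach to it, substituting the PID that ps reported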

Print Timestamp for Each Trace Output Line Using Option -t
strace -t -e open ls /home

Print Relative Time for System Calls Using Option -r
strace -r ls

Generate Statistics Report of System Calls Using Option -c
strace -c ls /home

Examples of attaching to a running process:
strace -p 3107
strace -d -p 3107

Print the instruction pointer at the time of each system call
strace -i -p 3111

Print a timestamp for each system call
strace -t -p 3111
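The output format described earlier (call name, arguments, return value, error message, plus signal lines) is regular enough to post-process a trace saved with -o. The following is an added example, not part of the original post: a Python parser run over a constructed sample trace. The function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of `strace -f -t -o output.txt ls /home`
# output (PID, paths and values are made up for illustration).
SAMPLE_TRACE = r"""
3107 10:15:01 execve("/bin/ls", ["ls", "/home"], 0x7ffd0c0 /* 20 vars */) = 0
3107 10:15:01 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
3107 10:15:01 open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
3107 10:15:01 open("/home", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
3107 10:15:01 open("/home/alice/.secret", O_RDONLY) = -1 EACCES (Permission denied)
3107 10:15:01 write(1, "alice\n", 6) = 6
3107 10:15:01 --- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL} ---
3107 10:15:01 +++ killed by SIGINT +++
"""

# Optional PID (written with -f and -o) and optional time of day (-t / -tt).
PREFIX = r'^(?:(?P<pid>\d+)\s+)?(?:(?P<time>\d\d:\d\d:\d\d(?:\.\d+)?)\s+)?'
# name(args) = return [ERRNO (message)]
CALL = re.compile(PREFIX + r'(?P<call>\w+)\((?P<args>.*)\)\s+= '
                  r'(?P<ret>0x[0-9a-f]+|-?\d+|\?)'
                  r'(?: (?P<errno>E[A-Z0-9]+) \((?P<msg>[^)]*)\))?')
# --- SIGNAME details ---
SIGNAL = re.compile(PREFIX + r'--- (?P<sig>SIG\w+) .* ---$')

def parse_trace(text):
    """Return (calls, signals) parsed from strace output text."""
    calls, signals = [], []
    for line in text.splitlines():
        sig = SIGNAL.match(line)
        if sig:
            signals.append(sig.group("sig"))
        elif (m := CALL.match(line)):
            calls.append(m.groupdict())
        # exit markers ("+++ ... +++") and unfinished lines are skipped
    return calls, signals

def failed_calls(calls):
    """Count failures per (syscall, errno), a finer view than the -c summary."""
    return Counter((c["call"], c["errno"]) for c in calls if c["errno"])

def denied_paths(calls):
    """First quoted argument of each call that failed with EACCES or EPERM."""
    hits = (re.match(r'"([^"]*)"', c["args"]) for c in calls
            if c["errno"] in ("EACCES", "EPERM"))
    return [h.group(1) for h in hits if h]

if __name__ == "__main__":
    parsed, sigs = parse_trace(SAMPLE_TRACE)
    print(failed_calls(parsed), denied_paths(parsed), sigs)
```

Run strace with a larger -s value if the paths you care about are longer than the default string limit, since truncated strings end in "..." and will not match a full path.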


-a n
Align the return values in column n. The default is 40.

-c
Count system calls, errors, signals, and time and provide a summary report when the program has ended.

-d
Debug mode. Print debugging information for strace on stderr.

-e [keyword=] [!] values
Pass an expression to strace to limit the types of calls or signals that are traced or to change how they are displayed. If no keyword is given, trace is assumed. The values can be given as a comma-separated list. Preceding the list with an exclamation point (!) negates the list. The special values all and none are valid, as are the values listed with the following keywords.

abbrev=names
Abbreviate output from large structures for system calls listed in names.

read=descriptors
Print all data read from the given file descriptors.

signal=symbols
Trace the listed signal symbols (for example, signal=SIGIO,SIGHUP).

trace=sets
sets may be a list of system call names or one of the following:

file
Calls that take a filename as an argument.

ipc
Interprocess communication.

process
Process management.

raw=names
Print arguments for the given system calls in hexadecimal.

verbose=names
Unabbreviate structures for the given system calls. Default is none.

write=descriptors
Print all data written to the given file descriptors.

-f
Trace forked processes.

-ff
Write system calls for forked processes to separate files named filename.pid when using the -o option.

-h
Print help and exit.

-i
Print the current instruction pointer with each system call.

-o filename
Write output to filename instead of stderr. If filename starts with the pipe symbol |, treat the rest of the name as a command to which output should be piped.

-O n
Override strace's built-in timing estimates, and just subtract n microseconds from the timing of each system call to adjust for the time it takes to measure the call.

-p pid
Attach to the given process ID and begin tracking. strace can track more than one process if more than one option -p is given.

Type Ctrl-C to end the trace.

-q
Quiet mode. Suppress attach and detach messages from strace.

-r
Relative timestamp. Print time in microseconds between system calls.

-s n
Print only the first n characters of a string. Default value is 32.

-S value
Sort output of -c option by the given value. value may be calls, name, time, or nothing. Default is time.

-T
Print time spent in each system call.

-t
Print time of day on each line of output.

-tt
Print time of day with microseconds on each line of output.

-ttt
Print timestamp on each line as the number of seconds and microseconds since the Epoch.

-u username
Run command as username. Needed when tracing setuid and setgid programs.

-V
Print version and exit.

-v
Verbose. Do not abbreviate structure information.

-x
Print all non-ASCII strings in hexadecimal.

-xx
Print all strings in hexadecimal.

