saaujiro@saaujiro-sakabato:~$ strace -e trace=open,close dateWhen using command in above techniques, we need to be aware that, in a few cases,
the true name of a system call differs from the name of its glibc wrapper. For example,
though we refer to all of the wait()-type functions as system calls in Chapter 26, most of
them (wait(), waitpid(), and wait3()) are wrappers that invoke the kernel’s wait4()
system call service routine. This latter name is displayed by strace, and we must
specify that name in the –e trace= option. Similarly, all of the exec library functions
(Section 27.2) invoke the execve() system call. Often, we can make a good guess
about such transformations by looking at the strace output (or looking at the output
produced by strace –c, described below), but, failing that, we may need to check the glibc
source code to see what transformations may be occurring inside wrapper functions.
The strace(1) manual page documents a host of further options to strace, includ-
ing the following:
Output are here
saaujiro@saaujiro-sakabato:~$ strace -e trace=open,close date
open("/etc/ld.so.cache", O_RDONLY) = 3
close(3) = 0
open("/lib/i386-linux-gnu/librt.so.1", O_RDONLY) = 3
close(3) = 0
open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY) = 3
close(3) = 0
open("/lib/i386-linux-gnu/libpthread.so.0", O_RDONLY) = 3
close(3) = 0
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
close(3) = 0
open("/etc/localtime", O_RDONLY) = 3
close(3) = 0
Thu Jun 23 12:26:24 WIT 2011
close(1) = 0
close(2) = 0
0 comments:
Post a Comment