How to trace system calls?

Using strace (linux)/truss (AIX) one can trace the system calls as program executes. It can be useful in identifying where a program identify an issue depending on the situation.

Example below shows output when strace is called for echo
$ strace echo “Hello”
execve(“/bin/echo”, [“echo”, “Hello”], [/* 42 vars */]) = 0 — shows process being executed
uname({sys=”Linux”, node=”localhost.localdomain”, …}) = 0
brk(0) = 0x505000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a95556000
access(“/etc/ld.so.preload”, R_OK) = -1 ENOENT (No such file or directory)
open(“/etc/ld.so.cache”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=101242, …}) = 0
mmap(NULL, 101242, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2a95557000
close(3) = 0
open(“/lib64/tls/libc.so.6”, O_RDONLY) = 3 — libraries being loaded
read(3, “\177ELF\2\1\1\3>\1\240\304\241\f=”…, 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1622288, …}) = 0
mmap(0x3d0ca00000, 2314184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3d0ca00000
mprotect(0x3d0cb2c000, 1085384, PROT_NONE) = 0
mmap(0x3d0cc2c000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12c000) = 0x3d0cc2c000
mmap(0x3d0cc31000, 16328, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3d0cc31000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a95570000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a95571000
mprotect(0x3d0cc2c000, 12288, PROT_READ) = 0
mprotect(0x3d0c914000, 4096, PROT_READ) = 0
arch_prctl(ARCH_SET_FS, 0x2a95570b00) = 0
munmap(0x2a95557000, 101242) = 0
brk(0) = 0x505000
brk(0x526000) = 0x526000
open(“/usr/lib/locale/locale-archive”, O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=48509536, …}) = 0
mmap(NULL, 48509536, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2a95572000
close(3) = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 2), …}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a983b6000
write(1, “Hello\n”, 6Hello — message being written to stdout (1)
) = 6
exit_group(0) = ?

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.