Difference between revisions of "Strace: what a process does"
From Linuxintro
imported>ThorstenStaerk (New page: strace is a command to show what a command or process is doing. = Analyzing strace's output = Analyzing strace's output is tedious, so it is shown here as an example. Here is an exam...) |
imported>ThorstenStaerk |
||
Line 9: | Line 9: | ||
fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0 | fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0 | ||
mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000 | mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000 | ||
+ | |||
Here is it again, analyzed line by line: | Here is it again, analyzed line by line: | ||
open("/lib64/libexpat.so.1", O_RDONLY) = 6 | open("/lib64/libexpat.so.1", O_RDONLY) = 6 | ||
− | + | This first line performs the syscall open on the [[file]] /lib64/libexpat.so.1. The file shall be opened read-only (O_RDONLY). This call returns the file descriptor 6. | |
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832 | read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832 | ||
The above line reads from the file with the descriptor number 6. The file content is character 177, then the string ELF, then character 2, 1, 1, 0 and so on. | The above line reads from the file with the descriptor number 6. The file content is character 177, then the string ELF, then character 2, 1, 1, 0 and so on. | ||
fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0 | fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0 | ||
mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000 | mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000 | ||
− | The above line performs the syscall mmap. See man 2 mmap about the parameters. | + | The above line performs the syscall mmap. See [http://man-wiki.net/index.php/2:mmap man 2 mmap] about the parameters - if you do you will find out that the file with descriptor number 6 is mapped to memory at address 0x7f5d5ced6000. |
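Review bot: The reworded mmap explanation still says "The above line", but two calls sit directly above it (fstat and mmap) and only mmap is explained. Either add a sentence for the fstat line (it reports a regular file, mode 0755, st_size=170240) or name the call explicitly, for example "The mmap line". The added text could also cover the other arguments visible in the call: the mapping is PROT_READ|PROT_EXEC and its length 2265264 is much larger than the st_size that fstat returned. "if you do you will find out that" can be shortened to a colon.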
Revision as of 05:17, 21 February 2010
strace is a command to show what a command or process is doing.
Analyzing strace's output
Analyzing strace's output is tedious, so it is shown here as an example.
Here is an example output from strace:
open("/lib64/libexpat.so.1", O_RDONLY) = 6
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832
fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0
mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000
Here it is again, analyzed line by line:
open("/lib64/libexpat.so.1", O_RDONLY) = 6
This first line performs the syscall open on the file /lib64/libexpat.so.1. The file shall be opened read-only (O_RDONLY). This call returns the file descriptor 6.
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832
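The above line reads from the file with the descriptor number 6: 832 bytes were requested and 832 were returned. The file content is character 177 (strace prints non-printable bytes as octal escapes, so \177 is the byte 0x7f), then the string ELF, then character 2, 1, 1, 0 and so on. These first four bytes are the magic number that starts every ELF file.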
fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0
mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000
The last line above performs the syscall mmap. See man 2 mmap about the parameters: the file with descriptor number 6 is mapped to memory at address 0x7f5d5ced6000.
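The descriptor bookkeeping done by hand above (open returns 6, mmap then maps 6) can be automated. The following Python sketch is an added example, not part of the original wiki page: it follows descriptors through a trace and lists every file mapped with PROT_EXEC, which shows which libraries a process really loads. It assumes strace's default single-process output format; the names `executable_mappings`, `LINE` and `PATH` are made up for this example.

```python
import re

# The four strace lines discussed on this page, embedded as sample input.
SAMPLE = r'''open("/lib64/libexpat.so.1", O_RDONLY) = 6
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832
fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0
mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000
'''

# syscall(args) = return-value [errno text]
LINE = re.compile(r'^(\w+)\((.*)\)\s+=\s+(\S+)')
# First double-quoted argument, allowing backslash escapes inside it.
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')


def executable_mappings(trace):
    """Return [(path, address, length)] for files mapped with PROT_EXEC."""
    fds = {}      # currently open file descriptor -> path it was opened on
    found = []
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # signals, exit lines, partial lines
        name, args, ret = m.groups()
        if ret.startswith("-"):
            continue                      # failed call: -1 plus an errno name
        if name in ("open", "openat"):
            path = PATH.search(args)
            if path:
                fds[int(ret)] = path.group(1)
        elif name == "close" and args.strip().isdigit():
            fds.pop(int(args), None)      # the number may be reused later
        elif name == "mmap":
            a = [x.strip() for x in args.split(",")]
            length, prot, fd = int(a[1]), a[2].split("|"), int(a[4])
            # fd is -1 for anonymous memory, so it never matches the table
            if "PROT_EXEC" in prot and fd in fds:
                found.append((fds[fd], int(ret, 16), length))
    return found


if __name__ == "__main__":
    for path, addr, length in executable_mappings(SAMPLE):
        print(f"{path} mapped executable at {addr:#x} ({length} bytes)")
```

A library mapped from an unexpected directory (a temporary or user-writable path instead of /lib64) is the kind of finding this listing makes visible.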