strace is a command to show what a command or process is doing.

Analyzing strace's output

Analyzing strace's output is tedious if you do not know how it goes. You must know that the first keyword in a line of output from strace is always a syscall like open, read, gettimeofday and so on. The meaning its parameters and results can be found with the command

man 2 syscall

output

Here is an example output from strace that we are going to analyze:

open("/lib64/libexpat.so.1", O_RDONLY)  = 6                                     
read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832                                                                           
fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0                       
mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000 

analysis

The above example consists of 4 lines that can be analyzed like this:

open("/lib64/libexpat.so.1", O_RDONLY)  = 6                                                  

This first line performs the syscall open on the file /lib64/libexpat.so.1. The file shall be opened read-only (O_RDONLY). This call returns the file descriptor 6. /lib64/libexpat.so.1 is now file number 6. You can get this information from man 2 open.

read(6, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@>\0\0\0\0\0\0"..., 832) = 832                                                                           

The above line reads from the file number 6. The file content is character 177, then the string ELF, then character 2, 1, 1, 0 and so on.

fstat(6, {st_mode=S_IFREG|0755, st_size=170240, ...}) = 0    

Here, fstat tells that file number 6 (/lib64/libexpat.so.1) is a regular file.

mmap(NULL, 2265264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0x7f5d5ced6000 

The above line performs the syscall mmap. See man 2 mmap about the parameters - if you do you will find out that the file with descriptor number 6 is mapped to memory at address 0x7f5d5ced6000.