strace 是linux下常用的跟蹤程式系統呼叫的工具。
strace簡介
可使用 strace 來跟蹤 cmd 所使用的系統呼叫,原理是 strace 程序 fork 乙個子程序並使用 ptrace 系統呼叫設定和監聽子程序的狀態。使用 strace -f 可以跟蹤cmd和它的子程序
下面給出乙個簡單的使用 strace 的例子:
$ strace ls > /dev/null
execve("/bin/ls", ["ls"], [/* 73 vars */]) = 0
brk(null) = 0xe0b000
access("/etc/ld.so.nohwcap", f_ok) = -1 enoent (no such file or directory)
access("/etc/ld.so.preload", r_ok) = -1 enoent (no such file or directory)
... 省略若干記錄 ...
open(".", o_rdonly|o_nonblock|o_directory|o_cloexec) = 3
fstat(3, ) = 0
getdents(3, /* 5 entries */, 32768) = 144
getdents(3, /* 0 entries */, 32768) = 0
close(3) = 0
fstat(1, ) = 0
write(1, "ss.txt\ts.txt test.txt\n", 23) = 23
close(1) = 0
close(2) = 0
exit_group(0) = ?
+++ exited with 0 +++
當想要了解 strace ls 這一程式呼叫了哪些系統呼叫時,很自然的想法是使用 strace -f strace ls
,在shell中鍵入了該命令後,得到如下結果:
execve("/usr/bin/strace", ["strace", "ls"], [/* 73 vars */]) = 0
brk(null) = 0x5622d1bbe000
access("/etc/ld.so.nohwcap", f_ok) = -1 enoent (no such file or directory)
access("/etc/ld.so.preload", r_ok) = -1 enoent (no such file or directory)
... 省略若干記錄 ...
clone(child_stack=0, flags=clone_child_cleartid|clone_child_settid|sigchld, child_tidptr=0x7f2c05b119d0) = 26385
ptrace(ptrace_seize, 26385, null, null) = -1 eperm (operation not permitted)
kill(26385, sigkill) = 0
wait4(26385, strace: exit of unknown pid 26385 ignored
, 0, null) = 26385
--- sigchld ---
stat("/usr/local/sbin/ls", 0x7ffe6b864fc0) = -1 enoent (no such file or directory)
stat("/usr/local/bin/ls", 0x7ffe6b864fc0) = -1 enoent (no such file or directory)
stat("/usr/sbin/ls", 0x7ffe6b864fc0) = -1 enoent (no such file or directory)
stat("/usr/bin/ls", 0x7ffe6b864fc0) = -1 enoent (no such file or directory)
stat("/sbin/ls", 0x7ffe6b864fc0) = -1 enoent (no such file or directory)
stat("/bin/ls", ) = 0
stat("/bin/ls", ) = 0
clone(child_stack=0, flags=clone_child_cleartid|clone_child_settid|sigchld, child_tidptr=0x7f2c05b119d0) = 26386
strace: process 26386 attached
[pid 26384] rt_sigaction(sigttou, , null, 8) = 0
[pid 26384] rt_sigaction(sigttin, , [pid 26386] ptrace(ptrace_traceme, 0, null, null [pid 26384] <... rt_sigaction resumed> null, 8) = 0
[pid 26386] <... ptrace resumed> ) = -1 eperm (operation not permitted)
... 省略若干記錄 ...
[pid 26384] wait4(-1, [pid 26386] write(2, "strace: ptrace(ptrace_traceme, ."..., 61strace: ptrace(ptrace_traceme, ...): operation not permitted
) = 61
[pid 26386] exit_group(1) = ?
[pid 26386] +++ exited with 1 +++
<... wait4 resumed> , __wall, null) = 26386
--- sigchld ---
rt_sigprocmask(sig_block, [hup int quit pipe term], null, 8) = 0
write(2, "+++ exited with 1 +++\n", 22+++ exited with 1 +++
) = 22
rt_sigprocmask(sig_setmask, , null, 8) = 0
wait4(-1, 0x7ffe6b8660f4, __wall, null) = -1 echild (no child processes)
rt_sigprocmask(sig_block, [hup int quit pipe term], null, 8) = 0
exit_group(1) = ?
+++ exited with 1 +++
ptrace(ptrace_traceme, 0, null, null) = -1 eperm (operation not permitted)
這一條記錄。
出現的原因可能是沒有以root身份執行。當使用root執行時若還出現了這種情況,則可以修改 /proc/sys/kernel/yama/ptrace_scope 這一檔案,以root許可權執行
echo 0 > /proc/sys/kernel/yama/ptrace_scope
命令,修改ptrace 的相關許可權
使用 strace strace ls 是不會出現上述問題的,因為第乙個strace只跟蹤後乙個strace程序,而不會進一步跟蹤其子程序。
is uploaded file函式引發的問題
起因 在利用moophp的乙個專案中,接到使用者反饋說其所有客戶不能上傳檔案,都返回失敗。經過排查發現是php中的is uploaded file函式在 搗鬼。細節分析 在正常情況下,通過php 上傳檔案 需要通過is uploaded file函式來判斷檔案是否是通過 http post 上傳的,...
記一次noprefixroute引發的問題
ip addr顯示內容 inet 中包含 noprefixroute,看著礙眼想去掉,不知道怎麼弄。最終找到了一台不顯示這項引數的機器,開啟其 etc sysconfig network scripts ifcfg ethx,多方比對發現配置了nm controlled no。該引數預設為yes,竟...
Linq中Count 和Any 引發的效率問題
1 count和any 今天看了0 來判斷集合非空 href target blank 鶴沖天的文章 linq 切勿使用 count 0 來判斷集合非空 有所收穫,寫下文章總結一下 先看如下 1 static void main string args 212 public static ienum...