When Daemons Attack: Debugging Linux Applications
Notes from a talk I gave to the Brandeis University Computer Operators Group. Call tracing System call tracing — strace (Linux), truss (BSD), strace for NT Library call tracing — ltrace (Linux/BSD) Trace example ( ltrace -S ) First, the program is linked and loaded… SYS_uname(0xbffff600) = 0 SYS_brk(NULL) = 0x0804c000 SYS_open("/etc/ld.so.preload", 0, 010000210574) = -2 SYS_open("/etc/ld.so.cache", 0, 00) = 3 SYS_fstat64(3, 0xbfffeda0, 0x400114ac, 0, 0x400115e4) = 0 SYS_mmap(0xbfffed70, 0, 0x400114ac, 3, 0x40011594) = 0x40012000 SYS_close(3) = 0 SYS_open("/lib/libc.so.6", 0, 027777767210) = 3 SYS_read(3, "\177ELF\001\001\001", 1024) = 1024 SYS_fstat64(3, 0xbfffedf0, 0x400114ac, 0, 0x400115e4) = 0 SYS_mmap(0xbfffecd0, 0x40011d30, 0x400114ac, 2, 0xbfffecf0) = 0x40029000 SYS_mprotect(0