読者です 読者をやめる 読者になる 読者になる

よかろうもん!

アプリからインフラまで幅広くこなすいまどきのクラウドエンジニアが記す技術ブログ

straceでシステムコールを確認

プロセスにattachしてトレースする時はstraceコマンドを利用する。
利用フォーマットはこんな感じ。

# strace -p [PID]

複数プロセスを同時にattachし、traceする場合は、

# strace -p [PID] -p [PID]

  • f オプションや -F オプションを付けることで、forkおよびvforkした子プロセスもtraceすることが可能になる。
  • o [出力ファイル名] でtraceログを記録することもできる。


サンプルとして、以下のコマンドを実行して ls コマンドをstraceで追っかけてみる。

# strace -o result.log ls

結果はこんな感じ。

xecve("/bin/ls", ["ls"], [/* 38 vars */]) = 0
brk(0) = 0x805f000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2b000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=52724, ...}) = 0
mmap2(NULL, 52724, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f1e000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\31"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=30624, ...}) = 0
mmap2(NULL, 33360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f15000
mmap2(0xb7f1c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7f1c000
close(3) = 0

・・・(略)

mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d84000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7d83000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7d83720, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7eee000, 4096, PROT_READ) = 0
munmap(0xb7f1e000, 52724) = 0
set_tid_address(0xb7d83768) = 12152
set_robust_list(0xb7d83770, 0xc) = 0
futex(0xbfc41970, 0x81 /* FUTEX_??? */, 1) = 0
rt_sigaction(SIGRTMIN, {0xb7d912c0, , SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb7d91340,
, SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="sonic", ...}) = 0
brk(0) = 0x805f000
brk(0x8080000) = 0x8080000
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
statfs64("/selinux", 84, 0xbfc408fc) = -1 ENOENT (No such file or directory)
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f2a000
read(3, "rootfs / rootfs rw 0 0\nnone /sys"..., 1024) = 878
read(3, "", 1024) = 0
close(3) = 0

・・・(略)

open("/usr/lib/locale/ja_JP.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=113, ...}) = 0
mmap2(NULL, 113, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d82000
close(3) = 0
open("/usr/lib/locale/ja_JP.UTF-8/LC_MONETARY", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/ja_JP.utf8/LC_MONETARY", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=290, ...}) = 0
mmap2(NULL, 290, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d81000
close(3) = 0
open("/usr/lib/locale/ja_JP.UTF-8/LC_COLLATE", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/locale/ja_JP.utf8/LC_COLLATE", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=439694, ...}) = 0
mmap2(NULL, 439694, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7d15000
close(3) = 0


ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=31, ws_col=111, ws_xpixel=0, ws_ypixel=0}) = 0
open(".", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY|0x80000) = 3
fstat64(3, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
getdents64(3, /* 59 entries */, 4096) = 1960
getdents64(3, /* 0 entries */, 4096) = 0
close(3) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c90000
write(1, "install projects result.log\n", 30) = 30
close(1) = 0
munmap(0xb7c90000, 4096) = 0
close(2) = 0
exit_group(0) = ?


少し追っかけてみるだけでも、lsコマンドを発行した際に、どのようなライブラリを読み込もうとしているのかがわかります。
まだまだオプションはいろいろとありそうなので、これからはその使い方を勉強していきます。