File: syscall.rst

python-ptrace 0.9.9-0.3

.. _syscall:

+++++++++++++++++++++++++++++
Trace system calls (syscalls)
+++++++++++++++++++++++++++++

python-ptrace can trace system calls using ``PTRACE_SYSCALL``.

PtraceSyscall
=============

The ``ptrace.syscall`` module contains the ``PtraceSyscall`` class, a parser
of Linux syscalls similar to the strace program.

Example::

    connect(5, <sockaddr_in sin_family=AF_INET, sin_port=53, sin_addr=212.27.54.252>, 28) = 0
    open('/usr/lib/i686/cmov/libcrypto.so.0.9.8', 0, 0 <read only>) = 4
    mmap2(0xb7e87000, 81920, 3, 2066, 4, 297) = 0xb7e87000
    rt_sigaction(SIGWINCH, 0xbfb7d4a8, 0xbfb7d41c, 8) = 0

You can get more information: result type, value address, argument types, and
argument names.

Examples::

    long open(const char* filename='/usr/lib/i686/cmov/libcrypto.so.0.9.8' at 0xb7efc027, int flags=0, int mode=0 <read only>) = 4
    long fstat64(unsigned long fd=4, struct stat* buf=0xbfa46e2c) = 0
    long set_robust_list(struct robust_list_head* head=0xb7be5710, size_t len_ptr=12) = 0


strace.py
=========

The ``strace.py`` program is very close to the strace program: it displays the
syscalls of a program.


Features
--------

* Nice output of signals: see python-ptrace signal handling
* Supports multiple processes
* Can trace a running process
* Can display argument names, types and addresses
* Option ``--filename`` to show only syscalls using file names
* Option ``--socketcall`` to show only syscalls related to the network (socket usage)
* Option ``--syscalls`` to list all known syscalls


Example
-------

::

    $ ./strace.py /bin/ls
    execve(/bin/ls, ['/bin/ls'], [/* 40 vars */]) = 756
    brk(0)                                   = 0x0805c000
    access('/etc/ld.so.nohwcap', 0)          = -2 (No such file or directory)
    mmap2(NULL, 8192, 3, 34, -1, 0)          = 0xb7f56000
    access('/etc/ld.so.preload', 4)          = -2 (No such file or directory)
    (...)
    close(1)                                 = 0
    munmap(0xb7c5c000, 4096)                 = 0
    exit_group(0)
    ---done---


Options
-------

The program has many options. Example with ``--socketcall`` (display only
network functions)::

    $ ./strace.py --socketcall nc localhost 8080
    execve(/bin/nc, ['/bin/nc', 'localhost', '8080'], [/* 40 vars */]) = 12948
    socket(AF_FILE, SOCK_STREAM, 0)          = 3
    connect(3, <sockaddr_un sun_family=AF_FILE, sun_path=/var/run/nscd/socket>, 110) = -2 (No such file or directory)
    socket(AF_FILE, SOCK_STREAM, 0)          = 3
    connect(3, <sockaddr_un sun_family=AF_FILE, sun_path=/var/run/nscd/socket>, 110) = -2 (No such file or directory)
    socket(AF_INET, SOCK_STREAM, 6)          = 3
    setsockopt(3, SOL_SOCKET, SO_REUSEADDR, 3217455272L, 4) = 0
    connect(3, <sockaddr_in sin_family=AF_INET, sin_port=8080, sin_addr=127.0.0.1>, 16) = -111 (Connection refused)
    (...)
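
The output format shown above is regular enough to post-process, for example to list the network destinations recorded in a saved ``--socketcall`` trace. The parser below is an added example, not part of python-ptrace; the names ``parse_line`` and ``inet_connects`` are hypothetical, and the sample text is constructed from the output lines on this page.

```python
import re

# Constructed sample, built from the strace.py output lines shown on this page.
SAMPLE = """\
socket(AF_FILE, SOCK_STREAM, 0)          = 3
connect(3, <sockaddr_un sun_family=AF_FILE, sun_path=/var/run/nscd/socket>, 110) = -2 (No such file or directory)
socket(AF_INET, SOCK_STREAM, 6)          = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, 3217455272L, 4) = 0
connect(3, <sockaddr_in sin_family=AF_INET, sin_port=8080, sin_addr=127.0.0.1>, 16) = -111 (Connection refused)
connect(5, <sockaddr_in sin_family=AF_INET, sin_port=53, sin_addr=212.27.54.252>, 28) = 0
exit_group(0)
(...)
"""

# name(args) = result, optionally followed by "(error text)".
LINE_RE = re.compile(
    r"^(?P<name>\w+)\((?P<args>.*)\)\s*=\s*"
    r"(?P<result>-?(?:0x[0-9a-fA-F]+|\d+))(?:\s+\((?P<error>.*)\))?$"
)
# <type key=value, key=value>; requiring "=" skips annotations like <read only>.
STRUCT_RE = re.compile(r"<(?P<type>\w+) (?P<fields>\w+=[^>]*)>")


def parse_line(line):
    """Parse one completed syscall line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # e.g. "exit_group(0)" (no return value) or "(...)"
    raw = m["result"]
    call = {"name": m["name"], "args": m["args"], "error": m["error"],
            "result": int(raw, 16) if raw.startswith("0x") else int(raw),
            "struct": None}
    s = STRUCT_RE.search(m["args"])
    if s:
        pairs = (f.split("=", 1) for f in s["fields"].split(", ") if "=" in f)
        call["struct"] = (s["type"], dict(pairs))
    return call


def inet_connects(text):
    """Return (address, port, result, error) for each connect() to a sockaddr_in."""
    found = []
    for line in text.splitlines():
        call = parse_line(line)
        if call and call["name"] == "connect" and call["struct"]:
            kind, f = call["struct"]
            if kind == "sockaddr_in":
                found.append((f["sin_addr"], int(f["sin_port"]),
                              call["result"], call["error"]))
    return found
```

A negative result is the errno value that strace.py prints with its text, so failed connection attempts can be separated from successful ones by the sign of the third tuple element.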