strace调试工具编译
git clone --depth 1 https://github.com/strace/strace.git
编译
# 生成configure配置文件 ./bootstrap # 编译环境配置,生成 Makefile ./configure --prefix=/home/deck/strace --host=x86_64-linux-gnu LDFLAGS="-static" # 编译 make -j$(nproc) # 安装 make install
--prefix:指定安装目录
LDFLAGS="-static":把所有依赖库打包进二进制文件,生成独立静态可执行文件
build、host和target
build:你“在哪里编译”
host:你“编译出来跑在哪里”
target:你“生成的工具要操作谁”
build 编译 host,host 运行 target
--build:一般不用写,会自动检测
--host:程序最终运行平台,应用层程序必须指定该项
--target:一般编译gcc binutils等编译工具才指定该项,应用层程序不用指定
查看目标机器需要指定的host值
$ gcc -dumpmachine x86_64-pc-linux-gnu $ gcc -v | grep target Target: x86_64-pc-linux-gnu $ uname -m x86_64
| 输出 | 对应 host |
|---|---|
| x86_64 | x86_64-linux-gnu |
| aarch64 | aarch64-linux-gnu |
| armv7l | arm-linux-gnueabihf |
| i686 | i686-linux-gnu |
查看程序依赖的动态库
$ ldd strace
not a dynamic executable
这种情况表示程序不依赖动态库,可独立运行
$ ldd strace linux-vdso.so.1 (0x00007fc970704000) libdw.so.1 => /usr/lib/libdw.so.1 (0x00007fc970635000) libc.so.6 => /usr/lib/libc.so.6 (0x00007fc970010000) libelf.so.1 => /usr/lib/libelf.so.1 (0x00007fc970619000) libz.so.1 => /usr/lib/libz.so.1 (0x00007fc970600000) libzstd.so.1 => /usr/lib/libzstd.so.1 (0x00007fc96ff2b000) liblzma.so.5 => /usr/lib/liblzma.so.5 (0x00007fc9705cc000) libbz2.so.1.0 => /usr/lib/libbz2.so.1.0 (0x00007fc9705b7000) /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fc970706000)
这种情况表示程序需要依赖相关动态库才可运行
strace用法
strace -ff -tt -T -s 200 -o trace.log ls strace -p <PID> -ff -tt -T -s 500 -e trace=ioctl,openat,read,write,mmap
-ff:fork 后的子进程也跟踪,并单独输出文件
trace.log
trace.log.1234
trace.log.1235-f:fork 后的子进程也跟踪,但输出到一个文件
-tt:输出精确时间戳(微秒级)
12:01:01.123456 execve(...)-T:显示每个 syscall 花费时间
open(...) = 3 <0.000012>
< > 里是耗时-s:打印字符串最大长度
-p <PID>:跟踪PID进程
-e:过滤要跟踪的系统调用
-o:输出结果到指定文件
输出示例
$strace -ff -tt -T -s 200 /bin/busybox insmod scull.ko
05:26:27.530417 execve("/bin/busybox", ["/bin/busybox", "insmod", "scull.ko"], 0x7ffdaceea9d8 /* 4 vars */) = 0 <0.003151>
05:26:27.555407 arch_prctl(ARCH_SET_FS, 0x53c2b8) = 0 <0.000446>
05:26:27.558446 set_tid_address(0x53cd28) = 97 <0.000302>
05:26:27.560870 prctl(PR_GET_NAME, "busybox") = 0 <0.000330>
05:26:27.564195 getuid() = 0 <0.000254>
05:26:27.566626 brk(NULL) = 0x34724000 <0.000316>
05:26:27.568575 brk(0x34726000) = 0x34726000 <0.000226>
05:26:27.570176 mmap(0x34724000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x34724000 <0.000566>
05:26:27.576395 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f143401d000 <0.000667>
05:26:27.582459 open("scull.ko", O_RDONLY|O_LARGEFILE) = 3 <0.000567>
05:26:27.586236 read(3, "\177E", 2) = 2 <0.002112>
05:26:27.593699 fstat(3, {st_mode=S_IFREG|0644, st_size=326088, ...}) = 0 <0.000271>
05:26:27.598426 mmap(NULL, 326679, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f1433fcd000 <0.000472>
05:26:27.601821 read(3, "LF\2\1\1\0\0\0\0\0\0\0\0\0\1\0>\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\354\4\0\0\0\0\0\0\0\0\0@\0\0\0\0\0@\0007\0006\0\0\0\0\0\0\0\0\0\0\0\0\09\0\3\t\0\0\0\0\0\0\>
05:26:27.613465 read(3, "", 570) = 0 <0.000189>
05:26:27.615729 close(3) = 0 <0.000251>
05:26:27.617767 init_module(0x7f1433fcd030, 326088, ""[ 138.247692] scull: loading out-of-tree module taints kernel.
) = 0 <0.024347>
05:26:27.645009 exit_group(0) = ?
05:26:27.650485 +++ exited with 0 +++
浙公网安备 33010602011771号