Linux: strace, ltrace, ptrace, dtrace

The ltrace command traces the library function calls made by a process.

ltrace -h
Usage: ltrace [option ...] [command [arg ...]]
Trace library calls of a given program.

-a, --align=COLUMN align return values in a secific column.
-A MAXELTS maximum number of array elements to print.
-b, --no-signals don't print signals.
-c count time and calls, and report a summary on exit.
-C, --demangle decode low-level symbol names into user-level names.
-D, --debug=MASK enable debugging (see -Dh or --debug=help).
-Dh, --debug=help show help on debugging.
-e FILTER modify which library calls to trace.
-f trace children (fork() and clone()).
-F, --config=FILE load alternate configuration file (may be repeated).
-h, --help display this help and exit.
-i print instruction pointer at time of library call.
-l, --library=LIBRARY_PATTERN only trace symbols implemented by this library.
-L do NOT display library calls.
-n, --indent=NR indent output by NR spaces for each call level nesting.
-o, --output=FILENAME write the trace output to file with given name.
-p PID attach to the process with the process ID pid.
-r print relative timestamps.
-s STRSIZE specify the maximum string size to print.
-S trace system calls as well as library calls.
-t, -tt, -ttt print absolute timestamps.
-T show the time spent inside each call.
-u USERNAME run command with the userid, groupid of username.
-V, --version output version information and exit.
-x FILTER modify which static functions to trace.

https://blog.csdn.net/macky0668/article/details/6839520

Running strace produced an error:

ptrace: Operation not permitted.

This morning I found a process that was not responding and tried to attach gdb to it.

(gdb) attach 30721
Attaching to program: /data0/s/bin/s, process 30721
ptrace: Operation not permitted.

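I was stunned: I already had sudo privileges. Later I came across a blog post whose author, while already debugging a process in gdb, tried to use gcore to manually produce a core file and could not (inside gdb this can be done with generate-core-file). That gave me an idea: perhaps someone else was already running gdb on this process.

A quick ps showed that my guess was right. I guessed further that strace should fail as well.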

0> strace -p 30721
attach: ptrace(PTRACE_ATTACH, ...): Operation not permitted

Sure enough. Both tools use the ptrace system call. See man ptrace for details:

The ptrace system call provides a means by which a parent process may observe and control the execution of another process, and examine and change its core image and registers. It is primarily used to implement breakpoint debugging and system call tracing.
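A process can have only one tracer at a time, and the kernel records that tracer in the TracerPid field of /proc/<pid>/status, so the cause of the error above can be confirmed before attaching. The script below is an added example, not part of the original post; the PROC_ROOT argument, the function names and PID 4242 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: see whether a PID already has a tracer before attaching.
# The optional PROC_ROOT argument is an assumption of this example so the
# logic can run against constructed files; on a live system it is /proc.

# tracer_pid PID [PROC_ROOT]: print the TracerPid field (0 = not traced).
tracer_pid() {
    status="${2:-/proc}/$1/status"
    [ -r "$status" ] || return 2    # process gone or status unreadable
    awk '$1 == "TracerPid:" { print $2; found = 1 } END { exit !found }' "$status"
}

# proc_name PID [PROC_ROOT]: print the Name field (command name).
proc_name() {
    awk '$1 == "Name:" { print $2 }' "${2:-/proc}/$1/status" 2>/dev/null
}

# explain_attach PID [PROC_ROOT]: 0 = free to attach, 1 = traced, 2 = unknown.
explain_attach() {
    tp=$(tracer_pid "$1" "$2") || { echo "pid $1: cannot read status"; return 2; }
    if [ "$tp" -eq 0 ]; then
        echo "pid $1: no tracer attached"
        return 0
    fi
    echo "pid $1: already traced by pid $tp ($(proc_name "$tp" "$2"))"
    return 1
}

# make_sample DIR: constructed status files; 4242 is a made-up gdb PID.
make_sample() {
    mkdir -p "$1/30721" "$1/4242"
    printf 'Name:\ts\nState:\tt (tracing stop)\nTracerPid:\t4242\n' > "$1/30721/status"
    printf 'Name:\tgdb\nState:\tS (sleeping)\nTracerPid:\t0\n' > "$1/4242/status"
}

# Stand-alone use: ./tracer.sh PID   (reads the live /proc)
if [ $# -gt 0 ]; then
    explain_attach "$1"
fi
```

A non-zero TracerPid means gdb, strace or ltrace -p will fail with "Operation not permitted" until that tracer detaches or exits.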

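A detailed reference on the Linux kernel should give a deeper explanation; for now my understanding is still at the intuitive level.

Original article: https://www.cnblogs.com/youxin/p/8839811.html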