From owner-freebsd-questions@FreeBSD.ORG Tue Feb 8 18:03:02 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1D3F16A4CE for ; Tue, 8 Feb 2005 18:03:02 +0000 (GMT) Received: from hosea.tallye.com (joel.tallye.com [216.99.199.78]) by mx1.FreeBSD.org (Postfix) with ESMTP id E232943D3F for ; Tue, 8 Feb 2005 18:03:00 +0000 (GMT) (envelope-from lorenl@alzatex.com) Received: from hosea.tallye.com (hosea.tallye.com [127.0.0.1]) by hosea.tallye.com (8.12.8/8.12.10) with ESMTP id j18I2XGf005359 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 8 Feb 2005 10:02:34 -0800 Received: (from sttng359@localhost) by hosea.tallye.com (8.12.8/8.12.10/Submit) id j18I2Xo5005357; Tue, 8 Feb 2005 10:02:33 -0800 X-Authentication-Warning: hosea.tallye.com: sttng359 set sender to lorenl@alzatex.com using -f Date: Tue, 8 Feb 2005 10:02:33 -0800 From: "Loren M. Lang" To: Dan Nelson Message-ID: <20050208180233.GF8619@alzatex.com> References: <20050208115928.GE8619@alzatex.com> <20050208162429.GA82752@dan.emsphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050208162429.GA82752@dan.emsphone.com> User-Agent: Mutt/1.4.1i X-GPG-Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc X-GPG-Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C cc: "Loren M. Lang" cc: FreeBSD Mailing list Subject: Re: ktrace as a replacement for strace X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Feb 2005 18:03:03 -0000 On Tue, Feb 08, 2005 at 10:24:29AM -0600, Dan Nelson wrote: > In the last episode (Feb 08), Loren M. Lang said: > > I'm looking for a replacement for the strace program I used to use on > > linux; freebsd has a port of strace, but it just hangs everytime I > > use it. It looks like the bsd version of strace would be > > ktrace/kdump. I was able to get these to print a trace of the > > program I ran, but it doesn't do all the nice substatuting that > > strace was able to do. Mainly, I just want the first argument of open > > to look like a string instead of a 32 bit pointer that I can't read. > > I'm trying to figure out what files this program is trying to read so > > I can edit it's configuration file. > > The string in the NAMI line immediately after an open() call is the > filename in kdump output. Oh, I never noticed this since I was using grep to filter out the open suyscalls. In strace everything is in one line. Is there anything then that will work like the -e option in strace so I can list just the syscalls I want to see? > > strace actually does work, but I think it's losing a race when it > forks the child process. Try suspending and resuming strace: > > (dan@dan.4) /home/dan> strace date > > ^Z > zsh: 62219 suspended strace date > [1] + suspended strace date > (dan@dan.4) /home/dan> fg > [1] + continued strace date > execve(0xbfbfdef4, [0xbfbfe3b8], [/* 0 vars */]) = 0 > mmap(0, 3920, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) = 0x28071000 > munmap(0x28071000, 3920) = 0 > ... This does work. > > strace hasn't been updated in a while, though, and has problems parsing > newer syscalls. Take a look at the truss command in the base system, > which does about the same thing as strace. Ktrace has the advantage > that it's less intrusive; both strace and truss have to stop the > process to print out data, which really slow it down. > > -- > Dan Nelson > dnelson@allantgroup.com -- I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C