This article introduces tracing with ltrace.
Background
ltrace intercepts and records the dynamic library calls made by a running process and the signals that process receives. It can also intercept and print the system calls the program executes. Its source code is at https://gitlab.com/cespedes/ltrace.git
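How ltrace works
ltrace is also built on ptrace.
ptrace is mainly used to trace system calls; to trace library functions, ltrace uses the following method.
First, ltrace opens the ELF file and analyzes it. Because of dynamic linking, an ELF file has to store function symbols for the linker to use (see the ELF file format for the exact layout). From these, ltrace obtains the symbols of all the calls in the file and the instructions that correspond to them. It then replaces the 4 bytes of each such instruction with a breakpoint; see Playing with ptrace, Part II for how this is done. When the process reaches one of these library functions, ltrace is notified, prints the library function, and then lets the child process continue.
ltrace and strace use broadly the same technique, but ltrace's support for fork and clone is weaker than strace's: strace handles system calls such as fork and clone when it sees them, whereas ltrace does not. The help output below does list a -f option for tracing children created by fork() and clone().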
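The first step described above, reading the function symbols that the ELF file keeps for the dynamic linker, can be reproduced in a few lines. This is an added example, not ltrace's own code: it handles only ELF64 little-endian files, lists the undefined function symbols in .dynsym, and does not insert breakpoints. The function name imported_functions is hypothetical.

```python
import struct
import sys

SHT_DYNSYM = 11  # section type of the dynamic symbol table (.dynsym)
STT_FUNC = 2     # symbol type: function
SHN_UNDEF = 0    # section index of a symbol defined in another object


def imported_functions(image: bytes) -> list[str]:
    """Names of the functions an ELF64 little-endian image imports."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    # ELF header: e_shoff at 0x28, e_shentsize at 0x3A, e_shnum at 0x3C.
    (e_shoff,) = struct.unpack_from("<Q", image, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", image, 0x3A)
    # Section header fields: name, type, flags, addr, offset, size,
    # link, info, addralign, entsize.
    sections = [
        struct.unpack_from("<IIQQQQIIQQ", image, e_shoff + i * e_shentsize)
        for i in range(e_shnum)
    ]
    names = []
    for sh in sections:
        if sh[1] != SHT_DYNSYM:
            continue
        sym_off, sym_size, link, entsize = sh[4], sh[5], sh[6], sh[9] or 24
        str_off = sections[link][4]  # sh_link points at the string table
        for off in range(sym_off, sym_off + sym_size, entsize):
            st_name, st_info, _, st_shndx, _, _ = struct.unpack_from(
                "<IBBHQQ", image, off)
            if st_info & 0xF == STT_FUNC and st_shndx == SHN_UNDEF:
                start = str_off + st_name
                names.append(image[start:image.index(b"\0", start)].decode())
    return names


if __name__ == "__main__":
    # Assumption: argv[1] is an ELF binary such as ./ltrace-demo;
    # without an argument the Python interpreter itself is inspected.
    path = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    with open(path, "rb") as fh:
        print("\n".join(imported_functions(fh.read())))
```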
Using ltrace

    $ ltrace --help
    Usage: ltrace [option ...] [command [arg ...]]
    Trace library calls of a given program.

      -a, --align=COLUMN  align return values in a secific column.
      -A MAXELTS          maximum number of array elements to print.
      -b, --no-signals    don't print signals.
      -c                  count time and calls, and report a summary on exit.
      -C, --demangle      decode low-level symbol names into user-level names.
      -D, --debug=MASK    enable debugging (see -Dh or --debug=help).
      -Dh, --debug=help   show help on debugging.
      -e FILTER           modify which library calls to trace.
      -f                  trace children (fork() and clone()).
      -F, --config=FILE   load alternate configuration file (may be repeated).
      -h, --help          display this help and exit.
      -i                  print instruction pointer at time of library call.
      -l, --library=LIBRARY_PATTERN only trace symbols implemented by this library.
      -L                  do NOT display library calls.
      -n, --indent=NR     indent output by NR spaces for each call level nesting.
      -o, --output=FILENAME write the trace output to file with given name.
      -p PID              attach to the process with the process ID pid.
      -r                  print relative timestamps.
      -s STRSIZE          specify the maximum string size to print.
      -S                  trace system calls as well as library calls.
      -t, -tt, -ttt       print absolute timestamps.
      -T                  show the time spent inside each call.
      -u USERNAME         run command with the userid, groupid of username.
      -V, --version       output version information and exit.
      -x FILTER           modify which static functions to trace.

    Report bugs to ltrace-devel@lists.alioth.debian.org

Tracing a program's library calls
ltrace-demo.c

    #include <stdio.h>
    #include <unistd.h>
    #include <sys/wait.h>
    #include "demo-lib.h"

    void func1()
    {
        printf("func1\n");
    }

    int main()
    {
        printf("ltrace-demo\n");
        pid_t r = fork();
        if (r == 0) {
            /* child: calls into the shared library */
            printf("in child\n");
            func2();
        } else if (r > 0) {
            /* parent: r is the child's pid */
            printf("child pid: %d\n", r);
            func1();
        }
        wait(NULL);
        return 0;
    }

demo-lib.h

    void func2();

demo-lib.c

    #include "demo-lib.h"
    #include <stdio.h>

    void func2()
    {
        printf("func2\n");
    }

Build and test
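
    linux-dev@linuxdev:~$ gcc -shared -fPIC -o libdemo-lib.so demo-lib.c
    linux-dev@linuxdev:~$ gcc -o ltrace-demo ltrace-demo.c -L. -ldemo-lib
    linux-dev@linuxdev:~$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:.
    linux-dev@linuxdev:~$ ltrace -i ./ltrace-demo
    [0x5c825eca31fe] puts("ltrace-demo"ltrace-demo
    ) = 12
    [0x5c825eca3203] fork() = 1817
    [0x5c825eca3246] printf("child pid: %d\n", 1817child pid: 1817
    ) = 16
    [0x5c825eca31e0] puts("func1"func1
    in child
    ) = 6
    [0x5c825eca325a] wait(0func2 <no return ...>
    [0x7c30b13107a7] --- SIGCHLD (Child exited) ---
    [0x5c825eca325a] <... wait resumed> ) = 1817
    [0xffffffffffffffff] +++ exited (status 0) +++

The text ltrace-demo, child pid: 1817, func1, in child and func2 is the program's own output, mixed into the trace because both are written to the terminal. The child's calls are not traced in this run, which did not use -f: in child and func2 appear only as program output.
Tracing a process by PID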

    linux-dev@linuxdev:~$ pidof top
    1434
    linux-dev@linuxdev:~$ sudo ltrace -i -p 1434
    [0x618f588eb679] procps_uptime(0x7ffc8ef2b4f0, 0, 0, 0x7d015f325fde) = 0
    [0x618f588eb831] procps_pids_reap(0x618f611f7420, 0, 0, -3616) = 0x618f611f7458
    [0x618f588eb814] memcpy(0x618f61218ea0, "0\020J^\001}\0\08\020J^\001}\0\0\020J^\001}\0\0H\020J^\001}\0\0"..., 1696) = 0x618f61218ea0
    [0x618f588eb814] memcpy(0x618f612196b0, "0\020J^\001}\0\08\020J^\001}\0\0\020J^\001}\0\0H\020J^\001}\0\0"..., 1696) = 0x618f612196b0
    [0x618f588eb814] memcpy(0x618f61219ec0, "0\020J^\001}\0\08\020J^\001}\0\0\020J^\001}\0\0H\020J^\001}\0\0"..., 1696) = 0x618f61219ec0
    [0x618f588eb814] memcpy(0x618f6121a6d0, "0\020J^\001}\0\08\020J^\001}\0\0\020J^\001}\0\0H\020J^\001}\0\0"..., 1696) = 0x618f6121a6d0
    [0x618f588dc173] procps_stat_reap(0x618f611de980, 0, 0x618f588f7040, 16) = 0x618f611debd0
    [0x618f588dc1e3] time(0) = 1739018691
    [0x618f588dc20b] procps_meminfo_select(0x618f611f6670, 0x618f588f8180, 9, 3) = 0x618f6121af38
    [0x618f588dbb13] putp(0x618f588fb5e0, 0, 0x618f6121af38, 0x2c6b24) = 0
    [0x618f588dbb7e] procps_uptime_sprint(72, 0, 0x2f534, 0) = 0x7d015f4223a0
    [0x618f588dd201] __vsnprintf_chk(0x618f589019c0, 2048, 2, 2048) = 68
    [0x618f588e00bd] strchr("top - 20:44:51 up 30 min, 3 use"..., '\n') = "\n"
    [0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5e0, 512, 2, 512) = 87
    [0x618f588e0300] __snprintf_chk(0x7ffc8ef2ace0, 2048, 2, 2048) = 105
    [0x618f588e03c5] strcpy(0x7d015eefd010, "\033(B\033[mtop - 20:44:51 up 30 min, "...) = 0x7d015eefd010
    [0x618f588e03cd] putp(0x7d015eefd010, 0x7ffc8ef2acff, 1, 9) = 0
    [0x618f588e00bd] strchr("", '\n') = nil
    [0x618f588dd201] __vsnprintf_chk(0x618f589019c0, 2048, 2, 2048) = 91
    [0x618f588e00bd] strchr("Tasks:~3 212 ~2total,~3 1 ~2ru"..., '\n') = "\n"
    [0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5d0, 512, 2, 512) = 20
    [0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5d0, 512, 2, 512) = 23
    [0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5d0, 512, 2, 512) = 20
    [0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5d0, 512, 2, 512) = 23
    [0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5d0, 512, 2, 512) = 22

Attaching with -p uses ptrace on a process that ltrace did not start, which is why the command is run with sudo here; on systems with the Yama LSM, kernel.yama.ptrace_scope controls whether an unprivileged user may attach at all.
References
ltrace
Playing with ptrace, Part I
Playing with ptrace, Part II
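The two traces above can be summarized mechanically, for example to list which call sites use copy functions without a destination size and which calls go through the fortified _chk variants. The following is an added example, not part of the original article: the sample lines are constructed from the traces above in the format ltrace writes with -i and -o FILE, and the names summarize and UNBOUNDED are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in `ltrace -i -o FILE` format, modelled on the traces
# above (with -o the traced program's own output is not mixed in).
SAMPLE = """\
[0x5c825eca31fe] puts("ltrace-demo") = 12
[0x5c825eca3203] fork() = 1817
[0x5c825eca325a] wait(0 <no return ...>
[0x7c30b13107a7] --- SIGCHLD (Child exited) ---
[0x5c825eca325a] <... wait resumed> ) = 1817
[0x618f588e01f3] __snprintf_chk(0x7ffc8ef2a5e0, 512, 2, 512) = 87
[0x618f588e03c5] strcpy(0x7d015eefd010, "top - 20:44:51 up 30 min, "...) = 0x7d015eefd010
[0xffffffffffffffff] +++ exited (status 0) +++
"""

IP = r"^\[(0x[0-9a-f]+)\] "
CALL = re.compile(IP + r"(\w+)\((.*)$")
RESUMED = re.compile(IP + r"<\.\.\. (\w+) resumed>")
SIGNAL = re.compile(IP + r"--- (\w+) ")
# Copy/format functions that take no destination size (hypothetical watch list).
UNBOUNDED = {"strcpy", "strcat", "sprintf", "vsprintf", "gets"}


def summarize(trace: str) -> dict:
    """Count calls per function and collect call sites worth reviewing."""
    calls, review, signals, unfinished = Counter(), [], [], {}
    for line in trace.splitlines():
        if m := RESUMED.match(line):
            unfinished.pop(m.group(2), None)    # interrupted call has returned
        elif m := SIGNAL.match(line):
            signals.append(m.group(2))
        elif m := CALL.match(line):
            ip, name, rest = m.groups()
            calls[name] += 1
            if rest.rstrip().endswith("...>"):  # "<no return ...>" marker
                unfinished[name] = ip
            if name in UNBOUNDED:
                review.append((ip, name))       # -i gives the call site
    return {
        "calls": dict(calls),
        "review": review,
        "fortified": sorted(n for n in calls if n.endswith("_chk")),
        "signals": signals,
        "unfinished": unfinished,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```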