Difference between gdb, valgrind, strace, ltrace and apport [closed]
Difference between gdb, valgrind, strace, ltrace and apport [closed]
strace
What do these strace system calls mean?
In order to understand these, you have to get familiar with the POSIX system calls. They are the interface a user-space program uses to interact with the kernel. lseek, write, close, mmap, munmap and fstat are all system calls and are documented in section 2 of the linux manual. Briefly, lseek moves the internal pointer … Read more
Stracing to attach to a multi-threaded process
2021 update strace -fp PID just does the right thing on my system (Ubuntu 20.04.1 LTS). The strace manual page points this out: -f Trace child processes as they are created by currently traced processes as a result of the fork(2), vfork(2) and clone(2) system calls. Note that -p PID -f will attach all threads … Read more
How does ptrace work in Linux?
When the attached child process invokes a system call, the ptracing parent process can be notified. But how exactly does that happen? Parent process calls ptrace with PTRACE_ATTACH, and his child calls ptrace with PTRACE_TRACEME option. This pair will connect two processes by filling some fields inside their task_struct (kernel/ptrace.c: sys_ptrace, child will have PT_PTRACED … Read more
How does strace connect to an already running process?
strace -p <PID> —-> To attach a process to strace. “-p” option is for PID of the process. strace -e trace=read,write -p <PID> –> By this you can also trace a process/program for an event, like read and write (in this example). So here it will print all such events that include read and write … Read more
How can I get dtrace to run the traced command with non-root priviledges?
The easiest way is to use sudo: sudo dtruss -f sudo -u $USER whoami Other solution would be to run the debugger first and monitor for new specific processes. E.g. sudo dtruss -fn whoami Then in another Terminal simply run: whoami Simple as that. More tricky arguments you can find in the manual: man dtruss … Read more
Get all modules/packages used by a python project
You can give a try to the library https://github.com/bndr/pipreqs found following the guide https://www.fullstackpython.com/application-dependencies.html The library pipreqs is pip installable and automatically generates the file requirements.txt. It contains all the imports libraries with versions you are using in the virtualenv or in the python correctly installed. Just type: pip install pipreqs pipreqs /home/project/location It will … Read more
Systrace for Windows
A few options: Process Monitor Also, see this article about tools built into Windows 7: Core OS Tools
How to trace system calls of a program in Mac OS X?
Under current versions of macOS, executables under paths covered by SIP (like /usr/bin) cannot be traced. You can bypass this by making a copy of the executable in your home directory and tracing the copy: cp /usr/bin/find find codesign –remove-signature ./find sudo dtruss ./find … You needed to remove the code signature from the new … Read more
How to solve “ptrace operation not permitted” when trying to attach GDB to a process?
If you are using Docker, you will probably need these options: docker run –cap-add=SYS_PTRACE –security-opt seccomp=unconfined If you are using Podman, you will probably need its –cap-add option too: podman run –cap-add=SYS_PTRACE