strace 是如何工作的? [英] How does strace work?

问题描述

它可以跟踪所有使用的系统调用.

It can trace all system calls used.

但是 sys_call 与普通调用有什么不同??

But what differs a sys_call from a normal call??

推荐答案

正如 Matthew 所说，strace 使用 ptrace(2) 系统调用来发挥它的魔力.ptrace 用于实现调试器和其他需要检查另一个程序正在做什么的工具.本质上，strace 将调用 ptrace 并附加到目标进程.

As Matthew said, strace uses the ptrace(2) system call to work its magic. ptrace is used to implement debuggers and other tools which need to inspect what another program is doing. Essentially, strace will call ptrace and attach to a target process.

每当目标进程进行系统调用时，它就会停止，并且会通知strace.然后，strace 将检查目标进程的寄存器和堆栈(也使用 ptrace)以确定正在进行的系统调用(每个调用都有一个唯一的编号，在寄存器中传递)以及参数是什么.strace 然后恢复该过程.当它从系统调用返回时，它被停止，并再次通知strace，因此它可以检查返回值.每次发生这种情况时，strace 都会为用户打印一些信息.

Whenever the target process makes a system call, it will stop, and strace will be notified. strace will then inspect the registers and stack of the target process (also using ptrace) to determine what system call was being made (each call has a unique number, passed in a register) and what the arguments were. strace then resumes the process. When it returns from the system call, it is stopped, and strace is notified again, so it can inspect the return value. strace prints some information for the user each time this happens.

回答你的第二个问题，系统调用与普通函数调用的区别在于系统调用是在内核中实现的，而普通函数是在用户空间中实现的.不过，那是完全独立的蠕虫罐头.

In response to your second question, a system call is different from a normal function call in that a system call is implemented in the kernel, while a regular function is implemented in userspace. That's a whole separate can of worms though.

这篇关于strace 是如何工作的?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！