如何将shell中的strace解析为纯文本？ [英] How to parse strace in shell into plain text?

问题描述

我已经通过 strace 命令就像运行PHP一样：

  sudo strace -e sendto -fp $（pgrep -n php ）-o strace.log 
  

输出如下：

11208 sendto（4，set 29170397297_-cache-schema 85 0 127240\rr\\\
\257\202\v\\ \\0？\0\0\0\2\27\10stdClass\24\7\21\3cid\21\6schema\21\4d\37ata\ 25\\\
\247\21\5block\24\6\21\6fields\24\f\21\3bid\24\2\5\21\\ \\ 4type 0\37erial\21\10not null\5\21\6module\24\4\16\7\21\7va\37rchar\21\6length\\ \\6 @ \16\t\5\21\7default\r\21\5de\2lta @ \5\16\v \16\f\6 \35\7\16\r\21\0010\21\5t \207 C \30 @ 6\2\16\r\rn\4tatus @ 0\4\21\3int / \7\6\0\21 \4size \222\finy\21\6weight\24\3; \0\22\300 \6\6region @ 8\340\5P\5自定义 \27\300，\17\16\23\16\24\21\\\
visibility\340\t\34\7\5pages\ c \\ c \\ n \vprimary key\24\1\6\0\16\6\21\vunique @ \21\ts\24\1\21\3tmd\24 \3 \31\0\20 2\v\\\
\6\2\16\16\21\7index \210\\ 10\1\21\4list\24\5\240\36\0\21 \36\10\26\6\3\16\25\\ \\ 6\4\16\\\
\1\6\4\21\4name \7\0\\\
a\317\2_ro \ 252\0\5！$ \0\\\
\3\341\2\23\0\16\340\0\16A\214\2\ 21\3r！\354 @ \v\22\21\10unsigned\5 @ \332\0\36 \213\0\\\
\\ \\213\0\16 l\6％\16！\24\1\16％ \271\0％@ p\5\16＃ \16 $ \21\f\200l\241b @ n\2\4\16\6 M\2\10\16&安培; @ E\\ \\ 4\21\4bod\201_\5\32\16\t\4\16\23B\\\2g\16\34\30\ 3info .\0\7a\255\0\200 @ q！L\5\6forma\201\332B /！d\2\4\16\37 y\\ \\0 * y\0 \225a; \240\201\2'\21\van\0 _ \207 \200\2\5\16\1\340\0U = @ U\1\16\3 @ \222 \212\2lob @ O\\ \
\23\16）\21\6expire @ \30\342\0\26\7\21\7create\241\17 < ; \25\0\\\
\203\1\\177\0d Y \0\22 \305\5\5small\240 ！a\32\0。 \230\0.\240\240\0\1\240\240\3，\21\vb S\2kpo\\313\2s\24\6！\220\2\t\21\2\241q\0\10？\4\ 21\tno \213\6ort\5\21\fm\; \3ine_A\313 \232\241\3\2\ 5\16＃\340\4\16！\345\340\0U \223\340\0'AC\4sourc\202\202 \340\3\27\0\v\200\27\0_C\326\340\0074\1\16\21 _ \240\363\2\1\16\25\340\3\16\r\0\21\vmultipliers \31\ 0- \223\1\21\t\341\0\30B-\\\\1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, \\v\0005ac \327Dz\\364 \20\0\10 \6\0 @ \333\r\0165\16\36\0163\ 21 \\\\\ \\0_\340\1\375\fs\21\3api\24\4\21\5own F\0062\16C\16B\21\ 17 H\5imum_v \260 $ \25\7\6\1\21\17curr m\340\1\22！\242\0002\\305 \0022\21\20\340\1N\5_groupa\247\2\6\0163 \352\0\10 \352\ 2\0164\5 \325C％\341\0P\341\5\220\1\0162aQA\26\4\16：\5\21\ 17/221 \7 C\\ 340\0a！\312\1\\\
o \300＃\240！& } \241\237\0\0\242e\341\\ \\4n\5\16; \24\10\16< \7\2 = \21\35\340\1m\0 \320\0 \342\3XAz\v\16> \ 16G\16？\16 @ \16A\21\30\341\tT\201\5\1\21\22\200\243\0B0\\ \\ 6 string＃o\4toolsbD\1\16C \260\0D！D\4C\16L\16E！P\0F \3\201T\16G\21\ 21ckeditor_set％\266\0gE\323\0\5％Q \0＃4 @ \345！）\w＃\372\1\21\10\340 \0！\0\1 \31\0\32\240\334\4＃\16\\\
\21\10\300D \r\2O \21\25\300\r\6_input_\244 + \340\16V\1\16 + \31\340\4h X\0\2！ /\ \24\10\21\7 @ \v\0_\243\257\301\ [ \254&安培; f`\346\〜\6\vcollap&安培; q％\227\340\6\35\2\0\21\t\240\\ \\35\344\1a\3009\0\0＃$ \212\300.\0001\200L \247\1enFl\344\0\216\300 ，\0\1G\5\3view\340\0002\300\177 \372\0\1K\0T！...，8196，MSG_NOSIGNAL | MSG_MORE， NULL，0）= 8196

这听起来像普通的 C转义代码。

我试图在shell中解码它们 printf like：

  while read line; do printf％s$ line;完成<（cat strace.log | head -n2）
  

但它失败（看起来像没有'没有任何意义）：

11208 sendto（4，set 29170397297_-cache-schema 85 0 127240rn257202v0？ 00022710stdClass247213cid216schema214d37ata25n247215block246216fields24f213bid2425214type 037erial2110not null5216module244167217va37rchar216length6 @ 16t5217defaultr215de2lta @ 516v16f6 35716r210010215t 207 C 30 @ 6216rr n4tatus @ 04213int / 760214size 222finy216weight243; 022300 66region @ 83405P5custom 27300,171623162421nvisibility340t3475pages242 20534tex @ 206 2611it 36​​505240 0377 y10r21ftransl！N2ble％1ca！a3403Q01 n31vprimary key2416016621vunique @ 21ts241213tmd243 31020 2vn621616217index 210101214list24524036021 3610266316256416n 164214name 70na3172_ro 25205！$ 0n 3341223016340016A2142213r！354 @ v222110unsigned5 @ 332036 2130n 213016 l6％16！24116％ 2710％@ p516＃16 $ 21f200l241b @ n24166 M21016和放大器; @ E4214bod201_53 216t41623B\2g1634 303info .07a2550200 @ q！L56forma201332B /！d241637 y0 * y0 225a; 2402012'21van0 _ 207 200251613400U = @ U1163 @ 222 2122lob @ On2316）216expire @ 303420267217create24117 250n20311770d Y022 30555small240！a320.`2300.240240012402403,21vb S2kpo3132s246！2202t212241q010 ...




有没有更好的方法来解析 strace 命令的输出，以查看传递给的简单字符串recvfrom / sendto ？

理想情况下，可以打印包含新行的可打印字符（ \r\\\
），但是截止NULL和其他不可打印的字符？

解决方案

为什么读取不起作用，因为shell已经转义了字符，所以字符串被双倍转义，因此 \r \\\
打印为 rn 。

To 忽略外壳转义字符，您可以使用读取-r ，允许反斜杠转义任何字符（所以他们被字面上处理）。这是一个例子：

  while -r line; do printf％b\\\
$ line;完成strace.log |字符串
  

由于它是一个二进制数据，上面的示例还包括 strings 命令只显示可打印的字符串。

Strace还支持在 -x 中以十六进制打印所有字符串被指定，但它将工作相同。

---

以下是解析 strace的版本实时输出：

  while -r line; 
 do printf％b\\\
$ line|字符串
 done< 





---

更多字符串可以用更具体的过滤器替换，使用 grep ，只得到双引号内的内容：

  grep -o'。 + [^]'| grep -o'[^] \ + [^]'
  

为了避免这一点，让我们简化整个过程，因此我们可以定义以下格式化程序别名：

 别名格式-strace ='grep --line-buffered -o'\''\ + [^]'\  grep --line-buffered -o'\''[^] * [^]'\''|而读-r行;做printf％b$ line;完成| tr\r\\\
\275\276| tr -d[：cntrl：]| tr\275\276\r\\\
'
  

其中： / p>

• grep -o'.\ + [^]'选择带有引号的双引号字符串


• grep -o'[^] * [^]' - 选择双引号


• while -r行 - 将每行存入 $ line 和 do 一些动作（帮助阅读）


• printf％b$ line - 通过扩展反斜杠转义序列打印行


• tr\r\\\
\275\276 - 暂时将 \r\\\
替换为 \275\276


• tr -d[：cntrl：] - 删除所有控制字符


• tr\275\276\r\\\
- 恢复新行结尾

然后，跟踪一些命令的完整示例（例如 php ）可以如下所示：

  strace -e trace = read，write，recvfrom，sendto -s 1000 -fp $（pgrep -n php）2>& 1 | format-strace 
  

---

检查类似的例子：如何在另一个bash会话中查看正在运行的进程的输出？在Unix.SE中

I've trace log generated by strace command like on running PHP by:

sudo strace -e sendto -fp $(pgrep -n php) -o strace.log

And the output looks like:

11208 sendto(4, "set 29170397297_-cache-schema 85 0 127240\r\n\257\202\v\0?\0\0\0\2\27\10stdClass\24\7\21\3cid\21\6schema\21\4d\37ata\25\n\247\21\5block\24\6\21\6fields\24\f\21\3bid\24\2\5\21\4type 0\37erial\21\10not null\5\21\6module\24\4\16\7\21\7va\37rchar\21\6length\6@\16\t\5\21\7default\r\21\5de\2lta@\5\16\v\16\f\6 \35\7\16\r\21\0010\21\5t \207C\30@6\2\16\r\r n\4tatus@0\4\21\3int/\7\6\0\21\4size \222\finy\21\6weight\24\3 ;\0\22\300 \6\6region@8\340\5P\5custom\27\300,\17\16\23\16\24\21\nvisibility\340\t\34\7\5pages\24\2 \205\3\4tex@\206 \261\1it \365\0\5\240\0\377y\10\r\21\ftransl!N\2ble %\1ca!a\340\3Q\0\1n\31\vprimary key\24\1\6\0\16\6\21\vunique@\21\ts\24\1\21\3tmd\24\3 \31\0\20 2\v\n\6\2\16\16\21\7index \210\10\1\21\4list\24\5\240\36\0\21 \36\10\26\6\3\16\25\6\4\16\n \1\6\4\21\4name \7\0\na\317\2_ro\252\0\5!$\0\n \3\341\2\23\0\16\340\0\16A\214\2\21\3r!\354@ \v\22\21\10unsigned\5@\332\0\36\213\0\n \213\0\16 l\6%\16!\24\1\16%\271\0%@p\5\16#\16$\21\f\200l\241b@n\2\4\16\6M\2\10\16&@E\4\21\4bod\201_\5\32\16\t\4\16\23B\\\2g\16\34 \30\3info .\0\7a\255\0\200@q!L\5\6forma\201\332B/!d\2\4\16\37 y\0*y\0 \225a;\240\201\2'\21\van\0_\207\200\2\5\16\1\340\0U =@U\1\16\3@\222 \212\2lob@O\n\23\16)\21\6expire@\30\342\0\26\7\21\7create\241\17< \25\0\n\203\1\"\177\0dY\0\22 \305\5\5small\240!a\32\0.\230\0.\240\240\0\1\240\240\3,\21\vb S\2kpo\"\313\2s\24\6!\220\2\t\21\2\241q\0\10 ?\4\21\tno \213\6ort\5\21\fm\";\3ine_A\313\232\241\3\2\5\16#\340\4\16!\345\340\0U\223\340\0'AC\4sourc\202\202\340\3\27\0\v\200\27\0_C\326\340\0074\1\16\21_\240\363\2\1\16\25\340\3\16\r\0\21\vmultipliers\31\0- \223\1\21\t\341\0\30B-\0\1!\10\0003a\253\0005\v\0005ac \327Dz\"\364 \20\0\10 \6\0 @\333\r\0165\16\36\0163\21\nidenti$x\nr\0166\21\vadmin_ce\10\21\5label\21\f\244H\6 hook\21\23\240\r\0_\340\1\375\fs\21\3api\24\4\21\5own F\0062\16C\16B\21\17 H\5imum_v \260$\25\7\6\1\21\17curr m\340\1\22!\242\0002\"\305\0022\21\20\340\1N\5_groupa\247\2\6\0163\352\0\10 \352\2\0164\5 \325C%\341\0P\341\5\220\1\0162aQA\26\4\16:\5\21\17\201\321\1 c\"$\5back\21#\340\7b\0_\200!\340\3\311\1\16\7C\340\0a!\312\1\no \300#\240!&}\241\237\0\0\242e\341\4n\5\16;\24\10\16< \7\2=\21\35\340\1m\0\320\0 \342\3XAz\v\16>\16G\16?\16@\16A\21\30\341\tT\201\5\1\21\22\200\243\0 B0\6 string#o\4toolsbD\1\16C \260\0D!D\4C\16L\16E!P\0F \3\201T\16G\21\21ckeditor_set%\266\0gE\323\0\5%Q\0# 4@\345!)\"w#\372\1\21\10\340\0!\0\1 \31\0\32\240\334\4#\16\n\21\10\300D \r\2O\21\25\300\r\6_input_\244+\340\16V\1\16+ \31\340\4h X\0\2!;\0# \245\0+ \247\0Q T\7R\21\26comme#/\0_%\266\2cko W\3pane ;\4\5\24\10\21\7@\v\0_\243\257\301\231\1\21\4F\35 !\340\1\22F\323\0021\21\10\"\311'B\0e@\223A\254&f`\346\"~\6\vcollap&q%\227\340\6\35\2\0\21\t\240\35\344\1a\3009\0\0#\212\300.\0001\200L$\247\1enFl\344\0\216\300,\0\1G\5\3view\340\0002\300\177 \372\0\1 K\0T!"..., 8196, MSG_NOSIGNAL|MSG_MORE, NULL, 0) = 8196

It sounds like these are represented by ordinary C escape codes.

I've tried to decode them in shell by printf like:

while read line; do printf "%s" "$line"; done < <(cat strace.log | head -n2)

but it failed (looks like it doesn't make any sense):

11208 sendto(4, "set 29170397297_-cache-schema 85 0 127240rn257202v0?00022710stdClass247213cid216schema214d37ata25n247215block246216fields24f213bid2425214type 037erial2110not null5216module244167217va37rchar216length6@16t5217defaultr215de2lta@516v16f6 35716r210010215t 207C30@6216rr n4tatus@04213int/760214size 222finy216weight243 ;022300 66region@83405P5custom27300,171623162421nvisibility340t3475pages242 20534tex@206 2611it 365052400377y10r21ftransl!N2ble %1ca!a3403Q01n31vprimary key2416016621vunique@21ts241213tmd243 31020 2vn621616217index 210101214list24524036021 3610266316256416n 164214name 70na3172_ro25205!$0n 3341223016340016A2142213r!354@ v222110unsigned5@3320362130n 213016 l6%16!24116%2710%@p516#16$21f200l241b@n24166M21016&@E4214bod201_53216t41623B\2g1634 303info .07a2550200@q!L56forma201332B/!d241637 y0*y0 225a;2402012'21van0_207200251613400U =@U1163@222 2122lob@On2316)216expire@303420267217create24117< 250n2031"1770dY022 30555small240!a320.`2300.240240012402403,21vb S2kpo"3132s246!2202t212241q010...

Is there any better way to parse the output of strace command to see plain strings passed to recvfrom/sendto?

Ideally it is possible to print printable characters including new lines (\r\n), but cut-off NULLs and other non-printable characters?

解决方案

The problem why read doesn't work, because shell is already escaping the characters, so the string is doubled escaped, therefore \r\n is printed as rn.

To ignore escaping of characters by shell, you can use read -r which allow backslashes to escape any characters (so they're treated literally). Here is example:

while read -r line; do printf "%b\n" "$line"; done < strace.log | strings

Since it's a binary data, above example also includes strings command to display only printable strings.

Strace also support printing all strings in hex when -x is specified, but it'll work the same.

---

Here is the version to parse strace output in real-time:

while read -r line;
    do printf "%b\n" "$line" | strings
done < <(sudo strace -e recvfrom,sendto -s 1000 -fp $(pgrep -n php) 2>/dev/stdout)

---

Further more strings, can be replaced by more specific filter using grep, to get only what is inside double quotes:

grep -o '".\+[^"]"' | grep -o '[^"]\+[^"]'

however this may still print binary formats.

To avoid that, lets simplify the whole process, so lets define the following formatter alias:

alias format-strace='grep --line-buffered -o '\''".\+[^"]"'\'' | grep --line-buffered -o '\''[^"]*[^"]'\'' | while read -r line; do printf "%b" $line; done | tr "\r\n" "\275\276" | tr -d "[:cntrl:]" | tr "\275\276" "\r\n"'

where:

• grep -o '".\+[^"]"' - select double-quoted string with quotes
• grep -o '[^"]*[^"]' - select text within the double quotes
• while read -r line - store each line into $line and do some action (help read)
• printf "%b" $line - print line by expanding backslash escape sequences
• tr "\r\n" "\275\276" - temporarily replace \r\n into \275\276
• tr -d "[:cntrl:]" - remove all control characters
• tr "\275\276" "\r\n" - restore new line endings

then the complete example to trace some command (e.g. php) can look like:

strace -e trace=read,write,recvfrom,sendto -s 1000 -fp $(pgrep -n php) 2>&1 | format-strace

---

Check for similar example: How to view the output of a running process in another bash session? at Unix.SE

这篇关于如何将shell中的strace解析为纯文本？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！