[20181217]strace使用問題.txt

[20181217]strace使用問題.txt

--//最近使用starce跟蹤分析ogg相關程式遇到一些問題.

# strace -t -p 703 -f -e open,read,lseek

Process 703 attached with 12 threads - interrupt to quit

[pid   717] 15:07:01 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:07:01 lseek(26, 2192071680, SEEK_SET) = 2192071680

[pid   720] 15:07:01 read(26, "\1\"\0\0.TA\0\337\20\0\0\20\200FZ`\0\0\0\4\0\6\0\177\354\237/\1\0\24\0"..., 1024000) = 1024000

[pid   717] 15:07:01 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   720] 15:07:01 read(26, "\1\"\0\0\376[A\0\325\20\0\0000\200\332\364G\225-\0\2\0\21\1\26\0\307\316\5\304\25-"..., 1024000) = 1024000

[pid   716] 15:07:03 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:07:03 lseek(25, 1679056896, SEEK_SET) = 1679056896

[pid   719] 15:07:03 read(25, "\1\"\0\0000\n2\0\362\25\0\0000\200\0023(#\0\0k\0\21\0\306f\n\0\377\0\16\0"..., 1024000) = 1024000

[pid   716] 15:07:03 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   719] 15:07:03 read(25, "\1\"\0\0\0\0222\0\356\25\0\0\220\200\10I/5\300\0\214\303\24\0\0\200\6\0\373x\361."..., 1024000) = 1024000

[pid   717] 15:07:04 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:07:04 lseek(26, 2192132608, SEEK_SET) = 2192132608

[pid   720] 15:07:04 read(26, "\1\"\0\0\245TA\0\337\20\0\0\20\200-3`\0\0\0\0043\6\0\305\356\237/\1\0ug"..., 1024000) = 1024000

[pid   717] 15:07:04 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   720] 15:07:04 read(26, "\1\"\0\0u\\A\0\325\20\0\0\230\200\214\205\0\0;V\2\r\2\0\5\0\377\377Y\310\300\21"..., 1024000) = 1024000

[pid   716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:07:06 lseek(25, 1679399424, SEEK_SET) = 1679399424

[pid   719] 15:07:06 read(25, "\1\"\0\0\315\f2\0\362\25\0\0\34\200\265Q\0\0\313*\367\357\237/\6\0\0\0\0\0\0\0"..., 1024000) = 1024000

[pid   716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   719] 15:07:06 read(25, "\1\"\0\0\235\0242\0\356\25\0\0\20\200\177Z(\2\0\0\5\0\6\0009\231\361.\1\0\24\0"..., 1024000) = 1024000

[pid   703] 15:07:07 lseek(20, 0, SEEK_SET) = 0

[pid   717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:07:07 lseek(26, 2192153600, SEEK_SET) = 2192153600

[pid   720] 15:07:07 read(26, "\1\"\0\0\316TA\0\337\20\0\0\20\200\347\257p\0\0\0\6\v\6\0\230\360\237/\1\0\0\0"..., 1024000) = 1024000

[pid   720] 15:07:07 read(26, "\1\"\0\0\236\\A\0\337\20\0\0008\200J75\0\22\0\240\212=\0\216\350@\1d\226;\0"..., 1024000) = 1024000

[pid   717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

--//這樣可以跟蹤open,read,lseek函式.

--//如果我想儲存到檔案並且輸出,遇到問題:

# strace -t -p 703 -f -e open,read,lseek | tee /tmp/703.txt

...

--//ctrl+c中斷退出.

# ls -l /tmp/703.txt

-rw-r--r-- 1 root root 0 2018-12-17 15:07:51 /tmp/703.txt

--//可以發現這樣並不會透過管道寫入/tmp/703.txt,似乎starce的這些輸出被定向到標準錯誤輸出(控制程式碼2).

--//0對應標準輸入 1對應標準輸出 2對應標準錯誤.

--//改寫如下就ok了.

# strace -t -p 703 -f -e open,read,lseek 2>&1 | tee /tmp/703.txt

Process 703 attached with 12 threads - interrupt to quit

[pid   703] 15:18:26 lseek(20, 0, SEEK_SET) = 0

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:18:26 lseek(25, 1819684352, SEEK_SET) = 1819684352

[pid   719] 15:18:26 read(25, "\1\"\0\0\27;6\0\362\25\0\0l\200\312J\1\0\216\1\1\0\0\0\0\0\24\0k\0 \0"..., 1024000) = 1024000

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   719] 15:18:26 read(25, "\1\"\0\0\347B6\0\356\25\0\0\20\200d\2040\2\0\0\5\0\6\0S\262\364.\1\0\360."..., 1024000) = 1024000

[pid   717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:18:27 lseek(26, 2217297920, SEEK_SET) = 2217297920

[pid   720] 15:18:27 read(26, "\1\"\0\0\244\24B\0\337\20\0\0\300\200\"\323\0\0\0\0\2\2\1\0h5\242/\6\0\0\0"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0t\34B\0\337\20\0\0x\200\25\262!\352\10\4\346\217\315\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0D$B\0\337\20\0\0\20\200M\7/table></div>\r\n<"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0\24,B\0\325\20\0\0`\200\346\3755px; left:435px;"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0\3443B\0\325\20\0\0\200\200\217\1!j\t\4R0\331\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000

[pid   717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

# cat /tmp/703.txt

Process 703 attached with 12 threads - interrupt to quit

[pid   703] 15:18:26 lseek(20, 0, SEEK_SET) = 0

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:18:26 lseek(25, 1819684352, SEEK_SET) = 1819684352

[pid   719] 15:18:26 read(25, "\1\"\0\0\27;6\0\362\25\0\0l\200\312J\1\0\216\1\1\0\0\0\0\0\24\0k\0 \0"..., 1024000) = 1024000

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   719] 15:18:26 read(25, "\1\"\0\0\347B6\0\356\25\0\0\20\200d\2040\2\0\0\5\0\6\0S\262\364.\1\0\360."..., 1024000) = 1024000

[pid   717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:18:27 lseek(26, 2217297920, SEEK_SET) = 2217297920

[pid   720] 15:18:27 read(26, "\1\"\0\0\244\24B\0\337\20\0\0\300\200\"\323\0\0\0\0\2\2\1\0h5\242/\6\0\0\0"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0t\34B\0\337\20\0\0x\200\25\262!\352\10\4\346\217\315\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0D$B\0\337\20\0\0\20\200M\7/table></div>\r\n<"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0\24,B\0\325\20\0\0`\200\346\3755px; left:435px;"..., 1024000) = 1024000

[pid   720] 15:18:27 read(26, "\1\"\0\0\3443B\0\325\20\0\0\200\200\217\1!j\t\4R0\331\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000

[pid   717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

---//簡單探究開啟控制程式碼的情況:

# ps -ef | grep strac[e]

root      1913 24587  1 15:18 pts/3    00:00:00 strace -t -p 703 -f -e open read lseek

# ls -l /proc/1913/fd

total 0

lrwx------ 1 root root 64 2018-12-17 15:19:40 0 -> /dev/pts/3

l-wx------ 1 root root 64 2018-12-17 15:19:40 1 -> pipe:[32398409]

l-wx------ 1 root root 64 2018-12-17 15:19:04 2 -> pipe:[32398409]

--//1,2 被定向到 pipe:[32398409].

# ps -ef | grep te[e]

root      1914 24587  0 15:18 pts/3    00:00:00 tee /tmp/703.txt

# ls -l /proc/1914/fd

total 0

lr-x------ 1 root root 64 2018-12-17 15:20:29 0 -> pipe:[32398409]

lrwx------ 1 root root 64 2018-12-17 15:20:29 1 -> /dev/pts/3

lrwx------ 1 root root 64 2018-12-17 15:19:04 2 -> /dev/pts/3

l-wx------ 1 root root 64 2018-12-17 15:20:29 3 -> /tmp/703.txt

--// 0 定向到pipe:[32398409],也就是接收strace的輸出.

# cat  /proc/1914/fd/0

[pid   717] 15:21:36 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   717] 15:21:36 lseek(26, 2230129664, SEEK_SET) = 2230129664

[pid   720] 15:21:36 read(26,

[root@dbcndg2 IP=100.75 /proc/1691/fd 159]# cat  /proc/1914/fd/0

[pid   717] 15:21:39 read(22, [pid   717] 15:21:39 lseek(26, 2230850560, SEEK_SET) = 2230850560

[pid   720] 15:21:39 read(26, "\1\"\0\0\n|B\0\337\20\0\0\20\200\20u`\0\0\0\4\211\6\0\373\367\242/\1\0\1\0"..., 1024000) = 1024000

[pid   717] 15:21:39 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232

[pid   720] 15:21:39 read(26, "\1\"\0\0\332\203B\0\325\20\0\0X\200\27\330:normal;font-fam"..., 1024000) = 1024000

--//還有一種方式分別寫入檔案使用引數-ff

# strace -t -p 703 -ff -e open,read,lseek -o /tmp/703.txt

Process 703 attached with 12 threads - interrupt to quit

# ls -l /tmp/703.txt*

-rw-r--r-- 1 root root     88 2018-12-17 15:27:24 /tmp/703.txt.703

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.704

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.705

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.706

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.707

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.712

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.715

-rw-r--r-- 1 root root   2334 2018-12-17 15:27:30 /tmp/703.txt.716

-rw-r--r-- 1 root root   1815 2018-12-17 15:27:31 /tmp/703.txt.717

-rw-r--r-- 1 root root      0 2018-12-17 15:27:11 /tmp/703.txt.718

-rw-r--r-- 1 root root   1555 2018-12-17 15:27:30 /tmp/703.txt.719

-rw-r--r-- 1 root root   1090 2018-12-17 15:27:31 /tmp/703.txt.720