ktrace as a replacement for strace

Dan Nelson dnelson at allantgroup.com
Tue Feb 8 08:24:32 PST 2005

In the last episode (Feb 08), Loren M. Lang said:
> I'm looking for a replacement for the strace program I used to use on
> linux; freebsd has a port of strace, but it just hangs every time I
> use it.  It looks like the bsd version of strace would be
> ktrace/kdump.  I was able to get these to print a trace of the
> program I ran, but it doesn't do all the nice substituting that
> strace was able to do. Mainly, I just want the first argument of open
> to look like a string instead of a 32 bit pointer that I can't read.
> I'm trying to figure out what files this program is trying to read so
> I can edit its configuration file.

The string in the NAMI line immediately after an open() call is the
filename in kdump output.

strace actually does work, but I think it's losing a race when it
forks the child process.  Try suspending and resuming strace:

(dan at dan.4) /home/dan> strace date
<hangs here, hit ^Z>
zsh: 62219 suspended  strace date
[1]  + suspended  strace date
(dan at dan.4) /home/dan> fg
[1]  + continued  strace date
execve(0xbfbfdef4, [0xbfbfe3b8], [/* 0 vars */]) = 0
mmap(0, 3920, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0) = 0x28071000
munmap(0x28071000, 3920)                = 0

strace hasn't been updated in a while, though, and has problems parsing
newer syscalls.  Take a look at the truss command in the base system,
which does about the same thing as strace.  Ktrace has the advantage
that it's less intrusive; both strace and truss have to stop the
process to print out data, which really slows it down.

	Dan Nelson
	dnelson at allantgroup.com
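
Added example, not part of the original message: a small parser that applies the NAMI rule described above, pairing each open() CALL with the NAMI line that follows it and the matching RET, so the output lists which files a traced program tried to open and whether each attempt succeeded. The sample trace is constructed in kdump's "pid command TYPE data" layout rather than captured from a real run, and the function name opened_files is hypothetical.

```python
import re
import sys

# Constructed sample in kdump's "pid command TYPE data" layout (not real output).
SAMPLE = '''\
 62219 date     CALL  open(0x280ab1c4,0,0x1b6)
 62219 date     NAMI  "/etc/libmap.conf"
 62219 date     RET   open -1 errno 2 No such file or directory
 62219 date     CALL  access(0xbfbfe3b8,0x4)
 62219 date     NAMI  "/etc/malloc.conf"
 62219 date     RET   access 0
 62219 date     CALL  open(0x280ac2f0,0,0)
 62219 date     NAMI  "/etc/localtime"
 62219 date     RET   open 3
'''

LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+(CALL|NAMI|RET)\s+(.*)$')


def opened_files(kdump_text):
    """Return (pid, path, result) for every open() seen in kdump output."""
    pending = {}   # pid -> path (None until the NAMI line arrives)
    results = []
    for line in kdump_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, _cmd, kind, data = m.groups()
        if kind == "CALL":
            # Only open() is tracked; any other call drops a stale entry.
            if data.startswith("open("):
                pending[pid] = None
            else:
                pending.pop(pid, None)
        elif kind == "NAMI" and pid in pending and pending[pid] is None:
            # First NAMI after the open() CALL carries the filename.
            pending[pid] = data.strip().strip('"')
        elif kind == "RET" and pid in pending and data.startswith("open "):
            results.append((int(pid), pending.pop(pid), data[len("open "):]))
    return results


if __name__ == "__main__":
    # Run with "-" as the argument to read real kdump output from stdin.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for pid, path, result in opened_files(text):
        print(pid, path, "->", result)
```

State is kept per pid, so traces that interleave lines from several processes are still paired correctly; failed opens are reported with the errno text from the RET line, which is usually what points at a missing configuration file.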
