<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm Digest Download</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX Network Programming (BM: clown) </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">Back to start</a>][<a href="13.htm">Up one level</a>][<a href="505.htm">Next article</a>]
<hr><p align="left"><small>From: scz (小四), Board: Security <br>
Subject: strace User Manual <br>
Origin: 武汉白云黄鹤站 (Sun Sep 10 21:45:50 2000), local post <br>
Testing: <br>
Test environment is I386/RedHat6.2 <br>
Contents: <br>
★ Overview of command-line options <br>
★ Usage examples (to be added) <br>
★ Overview of command-line options <br>
strace - trace system calls and signals <br>
usage: strace [-dffhiqrtttTvVxx] [-a column] [-e expr] [-o file] <br>
[-p pid] [-s strsize] [-u username] [command [arg]] <br>
strace -c [-e expr] [-O overhead] [-S sortby] [command [arg]] <br>
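-a column <br>
Sets the column position at which the return value is displayed. The default is 40 (counting from 0), <br>
meaning the '=' appears at column 40. <br>
-c Produces summary statistics like the following <br>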
strace -c -p 14653 (Ctrl-C) <br>
% time seconds usecs/call calls errors syscall <br>
------ ----------- ----------- --------- --------- ---------------- <br>
53.99 0.012987 3247 4 2 wait4 <br>
42.16 0.010140 2028 5 read <br>
1.78 0.000429 61 7 write <br>
0.76 0.000184 10 18 ioctl <br>
0.50 0.000121 2 52 rt_sigprocmask <br>
0.48 0.000115 58 2 fork <br>
0.18 0.000043 2 18 rt_sigaction <br>
0.06 0.000014 14 1 1 stat <br>
0.03 0.000008 4 2 sigreturn <br>
0.02 0.000006 2 3 time <br>
0.02 0.000006 3 2 1 setpgid <br>
------ ----------- ----------- --------- --------- ---------------- <br>
100.00 0.024053 114 4 total <br>
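An added example (not part of the original post): a shell helper that reads a `strace -c` report in the format shown above and lists the system calls that returned errors, most errors first. The function names are illustrative, and the sample input is the report from this page; rows whose errors column is blank are treated as zero errors.

```shell
#!/bin/sh
# Added example: find failing syscalls in a `strace -c` summary report.

# parse_strace_summary: read a report on stdin and print one line per
# syscall as "<syscall> <calls> <errors>". The errors column is blank for
# syscalls that never failed, so such rows have 5 fields instead of 6.
parse_strace_summary() {
    awk '
        $1 ~ /^-+$/     { next }               # separator rows of dashes
        $1 == "%"       { next }               # header row
        $NF == "total"  { next }               # totals row
        NF == 5         { print $5, $4, 0 }    # errors column blank
        NF == 6         { print $6, $4, $5 }   # errors column present
    '
}

# failing_syscalls: keep only syscalls with at least one error,
# sorted by error count (descending), then by name.
failing_syscalls() {
    parse_strace_summary | awk '$3 > 0' | sort -k3,3nr -k1,1
}

# sample_report: the -c report shown on this page, embedded so the
# example runs without strace or a live process to attach to.
sample_report() {
cat <<'EOF'
% time seconds usecs/call calls errors syscall
------ ----------- ----------- --------- --------- ----------------
53.99 0.012987 3247 4 2 wait4
42.16 0.010140 2028 5 read
1.78 0.000429 61 7 write
0.76 0.000184 10 18 ioctl
0.50 0.000121 2 52 rt_sigprocmask
0.48 0.000115 58 2 fork
0.18 0.000043 2 18 rt_sigaction
0.06 0.000014 14 1 1 stat
0.03 0.000008 4 2 sigreturn
0.02 0.000006 2 3 time
0.02 0.000006 3 2 1 setpgid
------ ----------- ----------- --------- --------- ----------------
100.00 0.024053 114 4 total
EOF
}

sample_report | failing_syscalls
```

The same filter can be fed a live report saved with `-o file`, after which the failing calls can be traced individually with `-e trace=set`.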
-d Writes some of strace's own debugging information to standard output <br>
strace -c -p 14653 -d (Ctrl-C) <br>
[wait(0x137f) = 14653] <br>
pid 14653 stopped, [SIGSTOP] <br>
[wait(0x57f) = 14653] <br>
pid 14653 stopped, [SIGTRAP] <br>
cleanup: looking at pid 14653 <br>
% time seconds usecs/call calls errors syscall <br>
------ ----------- ----------- --------- --------- ---------------- <br>
------ ----------- ----------- --------- --------- ---------------- <br>
100.00 0.000000 0 total <br>
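-e expr <br>
A qualifying expression which modifies which events to trace or how to trace <br>
them. The format of the expression is: <br>
[qualifier=][!]value1[,value2]... <br>
Here qualifier can be trace, abbrev, verbose, raw, signal, read or write. <br>
value is a symbol or number associated with the qualifier. The default qualifier is trace. ! means negation. <br>
-eopen is equivalent to -e trace=open and means trace only the open system call. -etrace=!open means <br>
trace every system call except open. In addition, value can also be all or none. <br>
<br>
Some shells use ! to repeat commands from history; in that case quoting or the escape character (\) may be needed. <br>
-e trace=set <br>
Trace only the specified list of system calls. The -c option is useful when deciding which system calls to trace. <br>
trace=open,close,read,write means trace only these four system calls; the default is trace=all <br>
-e trace=file <br>
Trace all system calls that take a file name as an argument. <br>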
-e trace=process <br>
Trace all system calls which involve process management. This is <br>
useful for watching the fork, wait, and exec steps of a process. <br>
-e trace=network <br>
Trace all network-related system calls <br>
-e trace=signal <br>
Trace all signal related system calls. <br>
-e trace=ipc <br>
Trace all IPC related system calls. <br>
-e abbrev=set <br>
Abbreviate the output from printing each member of large structures. <br>
The default is abbrev=all; the -v option is equivalent to abbrev=none <br>
-e verbose=set <br>
Dereference structures for the specified set of system calls. <br>
The default is verbose=all. <br>
-e raw=set <br>
Print raw, undecoded arguments for the specified set of system calls. <br>
This option has the effect of causing all arguments to be printed in <br>
hexadecimal. This is mostly useful if you don't trust the decoding or <br>
you need to know the actual numeric value of an argument. <br>
-e signal=set <br>
Trace only the specified list of signals; the default is signal=all. signal=!SIGIO (or signal=!io) <br>
causes SIGIO signals not to be traced <br>
-e read=set <br>
Perform a full hexadecimal and ASCII dump of all the data read from <br>
file descriptors listed in the specified set. For example, to see all <br>
input activity on file descriptors 3 and 5 use -e read=3,5. Note that <br>
this is independent from the normal tracing of the read(2) system call <br>
which is controlled by the option -e trace=read. <br>
-e write=set <br>
Perform a full hexadecimal and ASCII dump of all the data written to <br>
file descriptors listed in the specified set. For example, to see all <br>
output activity on file descriptors 3 and 5 use -e write=3,5. Note <br>
that this is independent from the normal tracing of the write(2) <br>
system call which is controlled by the option -e trace=write. <br>
-f <br>
follow forks (follow child processes?) <br>
Trace child processes as they are created by currently traced <br>
processes as a result of the fork(2) system call. The new process <br>
is attached to as soon as its pid is known (through the return value <br>
of fork(2) in the parent process). This means that such children may <br>
run uncontrolled for a while (especially in the case of a vfork(2)), <br>
until the parent is scheduled again to complete its (v)fork(2) <br>
call. If the parent process decides to wait(2) for a child that is <br>
currently being traced, it is suspended until an appropriate child <br>
process either terminates or incurs a signal that would cause it to <br>
terminate (as determined from the child's current signal disposition). <br>
The meaning should be that, when tracing a process, if a fork() call occurs, the child process is chosen for tracing <br>
See gdb's set follow-fork-mode setting for comparison <br>
-F <br>
attempt to follow vforks <br>
(On SunOS 4.x, this is accomplished with some dynamic linking trickery. <br>
On Linux, it requires some kernel functionality not yet in the <br>
standard kernel.) Otherwise, vforks will not be followed even if -f <br>
has been given. <br>
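Similar to the -f option <br>
-ff <br>
If the -o file option is in effect, information about other related processes created during the trace is written <br>
separately to file.pid, where pid is the process ID of each process. <br>
-h <br>
Show help information <br>
-i <br>
Show the value of the IP register at the time of each system call <br>
strace -p 14653 -i <br>
-o filename <br>
Specifies the file in which strace output is saved; by default standard error (stderr) is used <br>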
Use filename.pid if -ff is used. If the argument begins with `|' or <br>
with `!' then the rest of the argument is treated as a command and all <br>
output is piped to it. This is convenient for piping the debugging <br>
output to a program without affecting the redirections of executed <br>
programs. <br>
-O overhead <br>
Set the overhead for tracing system calls to overhead microseconds. <br>
This is useful for overriding the default heuristic for guessing how <br>
much time is spent in mere measuring when timing system calls using <br>
the -c option. The accuracy of the heuristic can be gauged by timing <br>
a given program run without tracing (using time(1)) and comparing <br>
the accumulated system call time to the total produced using -c. <br>
It seems to be used for determining which system calls take a lot of time <br>
-p pid <br>
Specifies the ID of the process to trace. The trace can be ended with Ctrl-C while the traced process keeps running. <br>
Up to 32 -p options can be given to trace several processes at once. <br>
For example: strace -ff -o output -p 14653 -p 14117 <br>
-q <br>
Suppress messages about attaching, detaching etc. This happens <br>
automatically when output is redirected to a file and the command is <br>
run directly instead of attaching. <br>
-r <br>
Print a relative timestamp upon entry to each system call. This <br>
records the time difference between the beginning of successive <br>
system calls. <br>
strace -p 14653 -i -r <br>
-s strsize <br>
Specifies the maximum string length to display; the default is 32. File names are always displayed in full. <br>
-S sortby <br>
Sort the output of the histogram printed by the -c option by the <br>
specified criterion. Legal values are time, calls, name, and nothing <br>
(default time). <br>
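-t <br>
Similar to the -r option, except that -r uses relative timestamps while -t uses absolute timestamps (the current clock time) <br>
-tt <br>
Similar to -t, with microseconds included in the absolute timestamp <br>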
-ttt <br>
If given thrice, the time printed will include the microseconds and <br>
the leading portion will be printed as the number of seconds since <br>
the epoch. <br>
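-T <br>
This option shows the time spent in each individual system call <br>
-u username <br>
Run the traced program with the UID, GID and supplementary groups of the specified user <br>
-v <br>
Verbose display mode <br>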
Print unabbreviated versions of environment, stat, termios, etc. calls. <br>
These structures are very common in calls and so the default behavior <br>
displays a reasonable subset of structure members. Use this option to <br>
get all of the gory details. <br>
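-V <br>
Show strace version information <br>
-x Display non-ASCII characters in hexadecimal string format, e.g. "\x08"; the default is octal, e.g. "\10" <br>
-xx Display all bytes in hexadecimal string format <br>
★ Usage examples (to be added) <br>
&lt;To be continued&gt; <br>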
-- <br>
</small><hr>
<p align="center"><a href="http://cterm.163.net">Welcome to the Cterm homepage</a></p>
</table>
</body>
</html>