Subject: Re: Intercepting system calls
From: David Laight <firstname.lastname@example.org>
Date: 04/24/2002 13:58:54
On Mon, Apr 22, 2002 at 09:09:42PM -0700, John Clark wrote:
> There is a tool in linux, 'strace' which allows one to
> trace system calls. I've used it on rare occasions, when
> I though some particular system call was causing a
> kernel panic.
Also the Solaris and SVR4 'truss'.
The advantage of a user space trace of system calls is that you don't
have the overhead of all the code being permanently resident.
It also makes it easier to humanise the output for ioctl (etc)
requests. (When you can't understand the output, you just rebuild
the program - it was just a large heap of printf() calls).
There is, similarly, a lack of a 'crash' program that can be used
to display data structures etc from the running kernel and/or
a system dump. kadb (etc) are just too user unfriendly - even
David Laight: email@example.com