I'm trying to use strace to understand how a binary program uses memory.
However, the default output of strace, in an attempt to be more user friendly, prints any char * buffers as the respective strings.
read(3, "Tell me, Muse, of that man of ma"..., 4096) = 270
Is there any way to tell strace to print the actual address of the string next to its contents?
If it's not possible to have both, printing only the address of the string instead of its truncated contents would also be ok.
strace is a diagnostic tool in Linux. It intercepts and records any syscalls made by a command. It also records any Linux signal sent to the process. We can then use this information to debug or diagnose a program.
strace(1) is a great tool, but the current version (using ptrace()) can slow down the target severely. Be aware of the overhead strace causes, and consider other alternatives for Linux that use lower-cost buffered tracing.
The trace may be terminated at any time by a keyboard interrupt signal (CTRL-C). strace will respond by detaching itself from the traced process(es) leaving it (them) to continue running.
-e raw=read should do what you want already. There should be no need for source modification.
broadway@creepspread:~% strace -e raw=read ls 2>&1|grep ^read
read(0x3, 0x7fff5ea52e78, 0x340) = 0x340
read(0x3, 0x7fff5ea52e48, 0x340) = 0x340
read(0x3, 0x7fff5ea52e18, 0x340) = 0x340
read(0x3, 0x7fff5ea52de8, 0x340) = 0x340
read(0x3, 0x7fff5ea52ca8, 0x340) = 0x340
read(0x3, 0x7fff5ea52c48, 0x340) = 0x340
read(0x3, 0x7fff5ea52c18, 0x340) = 0x340
read(0x3, 0x7fef1433f000, 0x400) = 0x136
read(0x3, 0x7fef1433f000, 0x400) = 0
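To turn a raw-mode trace like the one above into a per-buffer view of memory use, the lines can be parsed and grouped by buffer address. This is an added example, not part of the original answer; the function names are its own, and the sample lines are a subset copied from the trace shown above.

```python
import re
from collections import defaultdict

# A subset of the raw-mode lines from the trace above.
SAMPLE = """\
read(0x3, 0x7fff5ea52e78, 0x340) = 0x340
read(0x3, 0x7fff5ea52e48, 0x340) = 0x340
read(0x3, 0x7fef1433f000, 0x400) = 0x136
read(0x3, 0x7fef1433f000, 0x400) = 0
"""

# Raw-mode read(): fd, buffer address, requested count, then the return value.
RAW_READ = re.compile(
    r"^read\((0x[0-9a-f]+), (0x[0-9a-f]+), (0x[0-9a-f]+)\)\s+= (-?(?:0x[0-9a-f]+|\d+))"
)

def parse_raw_reads(text):
    """Return one dict per read() line with fd, buf, count and ret as ints."""
    calls = []
    for line in text.splitlines():
        m = RAW_READ.match(line.strip())
        if not m:
            continue  # other syscalls, signal lines, unfinished/resumed calls
        fd, buf, count, ret = (int(g, 0) for g in m.groups())
        calls.append({"fd": fd, "buf": buf, "count": count, "ret": ret})
    return calls

def summarize_buffers(calls):
    """Group calls by buffer address: reuse count, largest request, bytes read."""
    stats = defaultdict(lambda: {"calls": 0, "max_count": 0, "bytes": 0})
    for c in calls:
        s = stats[c["buf"]]
        s["calls"] += 1
        s["max_count"] = max(s["max_count"], c["count"])
        if c["ret"] > 0:  # 0 means EOF, a negative value means an error
            s["bytes"] += c["ret"]
    return dict(stats)

if __name__ == "__main__":
    for addr, s in sorted(summarize_buffers(parse_raw_reads(SAMPLE)).items()):
        print(f"{addr:#x}: {s['calls']} call(s), "
              f"up to {s['max_count']:#x} requested, {s['bytes']} bytes read")
```

Buffers that show up once at descending 0x7fff... addresses are typical of stack locals, while an address reused across calls, such as 0x7fef1433f000 here, points to a longer-lived I/O buffer.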