Under current versions of macOS, executables under paths covered by SIP (like /usr/bin ) cannot be traced. You can bypass this by making a copy of the executable in your home directory and tracing the copy: cp /usr/bin/find find codesign --remove-signature ./find sudo dtruss ./find …
Trace Linux Command System Calls You can simply run a command with strace like this, here we are tracing of all system calls made by the df command. $ strace df -h execve("/bin/df", ["df", "-h"], [/* 50 vars */]) = 0 brk(NULL) = 0x136e000 access("/etc/ld.
Conclusion. The “strace” command is a UNIX utility used to trace system calls and libraries. Through the “strace” command, you can monitor and capture the system calls to troubleshoot the program issues. The “ltrace” command is similar to the “strace” command but it doesn't capture the statically linked libraries.
On Windows, you can use Process Monitor to monitor process activity (I/O and registry). I guess this fits your need if you don't really want to know the system calls. And you can use winapioverride32 to monitor API calls.
You can use dtruss like in
sudo dtruss find ~/repo -depth 2 -type d -name '.git'
The manual page of that utility will help you to tailor the use of the tool to your needs.
Under current versions of macOS, executables under paths covered by SIP (like /usr/bin
) cannot be traced.
You can bypass this by making a copy of the executable in your home directory and tracing the copy:
cp /usr/bin/find find
codesign --remove-signature ./find
sudo dtruss ./find …
You needed to remove the code signature from the new find
executable, otherwise SIP still notices that a system file is being accessed (credit: @Anmol Singh Jaggi).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With