Menu
Using the /proc File System It contains information about the kernel, system, and processes. We can find the PIDs of the child processes of a parent process in the children files located in the /proc/[pid]/task/[tid] directories.
If a process is already running, you can trace it by simply passing its PID as follows; this will fill your screen with continues output that shows system calls being made by the process, to end it, press [Ctrl + C] . $ sudo strace -p 3569 strace: Process 3569 attached restart_syscall(<...
The “strace” is a Linux command-line utility that is a useful and powerful tool to capture, monitor, and troubleshoot the programs in a system. It records and intercepts the system calls, which is quite helpful when some program crashes and does not execute as expected.
strace -f to trace child process that's fork()ed.
I can't see an easy way:
You could use the -ff option with -o filename to produce multiple files (one per pid).
eg:
strace -o process_dump -ff ./executable
grep clone process_dump*
that would help you see which parent created what. Maybe that would help you - at least then you could search backwards.
There is a perl script called strace-graph. Here is a version from github. It is packaged with crosstool-ng versions of compilers. It works for me even used cross platform.
$ ./strace -f -q -s 100 -o app.trc -p 449
$ tftp -pr app.trc 172.0.0.133
$ ./strace-graph /srv/tftp/app.trc
(anon)
+-- touch /tmp/ppp.sleep
+-- killall -HUP pppd
+-- amixer set Speaker 70%
+-- amixer set Speaker 70%
+-- amixer set Speaker 70%
+-- amixer set Speaker 70%
+-- amixer set Speaker 50%
+-- amixer set Speaker 70%
`-- amixer set Speaker 50%
The output can be used to help navigate the main trace log.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With