Trace system calls (syscalls)
*****************************

python-ptrace can trace system calls using "PTRACE_SYSCALL".


PtraceSyscall
=============

ptrace.syscall module contains PtraceSyscall class: it's a parser of
Linux syscalls similar to strace program.

Example:

   connect(5, <sockaddr_in sin_family=AF_INET, sin_port=53, sin_addr=212.27.54.252>, 28) = 0
   open('/usr/lib/i686/cmov/libcrypto.so.0.9.8', 0, 0 <read only>) = 4
   mmap2(0xb7e87000, 81920, 3, 2066, 4, 297) = 0xb7e87000
   rt_sigaction(SIGWINCH, 0xbfb7d4a8, 0xbfb7d41c, 8) = 0

You can get more information: result type, value address, argument
types, and argument names.

Examples:

   long open(const char* filename='/usr/lib/i686/cmov/libcrypto.so.0.9.8' at 0xb7efc027, int flags=0, int mode=0 <read only>) = 4
   long fstat64(unsigned long fd=4, struct stat* buf=0xbfa46e2c) = 0
   long set_robust_list(struct robust_list_head* head=0xb7be5710, size_t len_ptr=12) = 0


strace.py
=========

Program strace.py is very close to strace program: display syscalls of
a program. Example:


Features
--------

* Nice output of signal: see [[signal|python-ptrace signal handling]]

* Supports multiple processes

* Can trace running process

* Can display arguments name, type and address

* Option "--filename" to show only syscall using file names

* Option "--socketcall" to show only syscall related to network
  (socket usage)

* Option "--syscalls" to list all known syscalls


Example
-------

   $ ./strace.py /bin/ls
   execve(/bin/ls, [['/bin/ls'],|[/* 40 vars */]]) = 756
   brk(0)                                   = 0x0805c000
   access('/etc/ld.so.nohwcap', 0)          = -2 (No such file or directory)
   mmap2(NULL, 8192, 3, 34, -1, 0)          = 0xb7f56000
   access('/etc/ld.so.preload', 4)          = -2 (No such file or directory)
   (...)
   close(1)                                 = 0
   munmap(0xb7c5c000, 4096)                 = 0
   exit_group(0)
   ---done---


Options
-------

The program has many options. Example with "--socketcall" (display
only network functions):

   $ ./strace.py --socketcall nc localhost 8080
   execve(/bin/nc, [['/bin/nc',|'localhost', '8080']], [[/*|40 vars */]]) = 12948
   socket(AF_FILE, SOCK_STREAM, 0)          = 3
   connect(3, <sockaddr_un sun_family=AF_FILE, sun_path=/var/run/nscd/socket>, 110) = -2 (No such file or directory)
   socket(AF_FILE, SOCK_STREAM, 0)          = 3
   connect(3, <sockaddr_un sun_family=AF_FILE, sun_path=/var/run/nscd/socket>, 110) = -2 (No such file or directory)
   socket(AF_INET, SOCK_STREAM, 6)          = 3
   setsockopt(3, SOL_SOCKET, SO_REUSEADDR, 3217455272L, 4) = 0
   connect(3, <sockaddr_in sin_family=AF_INET, sin_port=8080, sin_addr=127.0.0.1>, 16) = -111 (Connection refused)
   (...)
