[20181217]strace使用问题.txt
--//最近使用strace跟踪分析ogg相关进程遇到一些问题.
# strace -t -p 703 -f -e open,read,lseek
Process 703 attached with 12 threads - interrupt to quit
[pid 717] 15:07:01 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:01 lseek(26, 2192071680, SEEK_SET) = 2192071680
[pid 720] 15:07:01 read(26, "\1\"\0\0.TA\0\337\20\0\0\20\200FZ`\0\0\0\4\0\6\0\177\354\237/\1\0\24\0"..., 1024000) = 1024000
[pid 717] 15:07:01 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 720] 15:07:01 read(26, "\1\"\0\0\376[A\0\325\20\0\0000\200\332\364G\225-\0\2\0\21\1\26\0\307\316\5\304\25-"..., 1024000) = 1024000
[pid 716] 15:07:03 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:03 lseek(25, 1679056896, SEEK_SET) = 1679056896
[pid 719] 15:07:03 read(25, "\1\"\0\0000\n2\0\362\25\0\0000\200\0023(#\0\0k\0\21\0\306f\n\0\377\0\16\0"..., 1024000) = 1024000
[pid 716] 15:07:03 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:07:03 read(25, "\1\"\0\0\0\0222\0\356\25\0\0\220\200\10I/5\300\0\214\303\24\0\0\200\6\0\373x\361."..., 1024000) = 1024000
[pid 717] 15:07:04 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:04 lseek(26, 2192132608, SEEK_SET) = 2192132608
[pid 720] 15:07:04 read(26, "\1\"\0\0\245TA\0\337\20\0\0\20\200-3`\0\0\0\0043\6\0\305\356\237/\1\0ug"..., 1024000) = 1024000
[pid 717] 15:07:04 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 720] 15:07:04 read(26, "\1\"\0\0u\\A\0\325\20\0\0\230\200\214\205\0\0;V\2\r\2\0\5\0\377\377Y\310\300\21"..., 1024000) = 1024000
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:06 lseek(25, 1679399424, SEEK_SET) = 1679399424
[pid 719] 15:07:06 read(25, "\1\"\0\0\315\f2\0\362\25\0\0\34\200\265Q\0\0\313*\367\357\237/\6\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:07:06 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:07:06 read(25, "\1\"\0\0\235\0242\0\356\25\0\0\20\200\177Z(\2\0\0\5\0\6\0009\231\361.\1\0\24\0"..., 1024000) = 1024000
[pid 703] 15:07:07 lseek(20, 0, SEEK_SET) = 0
[pid 717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:07 lseek(26, 2192153600, SEEK_SET) = 2192153600
[pid 720] 15:07:07 read(26, "\1\"\0\0\316TA\0\337\20\0\0\20\200\347\257p\0\0\0\6\v\6\0\230\360\237/\1\0\0\0"..., 1024000) = 1024000
[pid 720] 15:07:07 read(26, "\1\"\0\0\236\\A\0\337\20\0\0008\200J75\0\22\0\240\212=\0\216\350@\1d\226;\0"..., 1024000) = 1024000
[pid 717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:07:07 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
--//这样可以跟踪open,read,lseek这几个系统调用.
--//如果我想保存到文件并且输出,遇到问题:
# strace -t -p 703 -f -e open,read,lseek | tee /tmp/703.txt
...
--//ctrl+c中断退出.
# ls -l /tmp/703.txt
-rw-r--r-- 1 root root 0 2018-12-17 15:07:51 /tmp/703.txt
--//可以发现这样并不会通过管道写入/tmp/703.txt,原因是strace的跟踪输出默认写到标准错误输出(句柄2),而管道只接收标准输出(句柄1).
--//0对应标准输入 1对应标准输出 2对应标准错误.
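--//改写如下就ok了(2>&1把标准错误合并到标准输出,再经管道交给tee).
--//也可以用strace的-o参数直接把跟踪结果写入文件.
--//注意:read的缓冲区内容会原样记录在输出里,而上面/tmp/703.txt的权限是rw-r--r--(其他用户可读),
--//跟踪生产进程时最好先执行umask 077,或把文件放到仅root可访问的目录.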
# strace -t -p 703 -f -e open,read,lseek 2>&1 | tee /tmp/703.txt
Process 703 attached with 12 threads - interrupt to quit
[pid 703] 15:18:26 lseek(20, 0, SEEK_SET) = 0
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 lseek(25, 1819684352, SEEK_SET) = 1819684352
[pid 719] 15:18:26 read(25, "\1\"\0\0\27;6\0\362\25\0\0l\200\312J\1\0\216\1\1\0\0\0\0\0\24\0k\0 \0"..., 1024000) = 1024000
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 716] 15:18:26 read(18, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 719] 15:18:26 read(25, "\1\"\0\0\347B6\0\356\25\0\0\20\200d\2040\2\0\0\5\0\6\0S\262\364.\1\0\360."..., 1024000) = 1024000
[pid 717] 15:18:27 read(22, "\0\350\0\0\6\0\0\0\0\0\6\1\"R\1\0\0\0\0\0\2\0\0\0\0\0\0\0\0\0\0\0"..., 32784) = 232
[pid 717] 15:18:27 lseek(26, 2217297920, SEEK_SET) = 2217297920
[pid 720] 15:18:27 read(26, "\1\"\0\0\244\24B\0\337\20\0\0\300\200\"\323\0\0\0\0\2\2\1\0h5\242/\6\0\0\0"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0t\34B\0\337\20\0\0x\200\25\262!\352\10\4\346\217\315\22\0\0\0\0\0\0\0\0"..., 1024000) = 1024000
[pid 720] 15:18:27 read(26, "\1\"\0\0D$B\0\337\20\0\0\20\200M\7/table>