[Unix,OpenVMS, Windows] Tracing System Calls From Running Programs


PRODUCT:    truss (Solaris, Tru64)
            tusc (HP-UX)
            strace (Linux) 
            trace/trcstop/trcrpt (AIX)
            sslog (OpenVMS)
            Logger.exe (Windows [GUI tool])


OP/SYS:     Solaris (all versions)
            AIX Version 5
            Linux
            HP Tru64 Unix (all versions)
            HP-UX PA-RISC and Itanium
            HP OpenVMS V8.3 and Above
            Microsoft Windows 7 and above.


COMPONENT:  Run-Time system calls tracing tools 


SOURCE:     Philippe Vouters
            Fontainebleau/France


LOW-COST HIGH-TECH:  http://techno-star.fr


SYMPTOM(S) or PROBLEM(S):

To trace all systems calls of a program, which options to use to get the more
complete run-time trace ? This is the object of this article.


SOLUTION or HP RESPONSE:

On Tru64:
      # truss -faeio <output log filename> <executable> <args>
      # truss -faeio <output log filename> -p <pid>

On Solaris:
      # truss -rall -wall -aefo <output log filename> <executable> <args>
      # truss -aefo <output log filename -rall -wall -p <pid>

On Linux:
      # strace -v -e trace=all -f -o <output log filename> <executable> <args>
      # strace -v -e trace=all -f -o <output log filename> -p <pid> 

On HP-UX:
      # tusc -aeflh -o <output log filename> <executable> <args>
      # tusc -aeflh -o <output log filename> -p <pid>

On AIX Version 5:
   A) For an executable:
      # trace -a -o <output log filename>; <executable> <args> ; trcstop
      # trcrpt <output log filename> > <output text filename>

   B) For a running program:
      # trace -a -o <output log filename> -A <pid>
      # trcstop
      # trcrpt <output log filename> > <output text filename>

On OpenVMS:
      $ set process/privilege=(noall,tmpmbx,netmbx,SETPRV)
      OR
      $ set process/privilege=(noall,tmpmbx,netmbx,CMEXEC, CMKRNL)
      THEN
      $ set process/sslog=(state=on)
      $ run program
      $ set process/sslog=(state=off)
      $ set process/sslog=(state=unload)
      $ analyze/SSLOG/FULL/OUTPUT=program.trace
      $! If you want to re-execute
      $! set process/sslog=(state=on)
      $! you must first logoff
      $ edit program.trace

On Windows 7:
The tool to use is a GUI tool named Logger.exe.

For its installation, refer to:
http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
and more precisely:
http://msdn.microsoft.com/en-US/windows/hardware/hh852363

For how to use Logger.exe, refer to:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff560123(v=vs.85).aspx

About what you can expect from Logger.exe, refer to his screen capture at:
http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-components-postattachments/00-02-12-38-57/API_5F00_TRACING5.jpg


OPENVMS NOTE:

Even if your program does not log any system call activity, the produced trace
file is very verbose. A possible reason for this may be because OpenVMS totally 
lacks a fork system call enabling to isolate the program activity from the
process/sslog activity.


REFERENCE(S):

For Solaris, refer to the following URL:
http://www.idevelopment.info/data/Unix/Solaris/SOLARIS_UsingthetrussCommandinSolaris.shtml

For HP-UX, to download and get on-line help, go to the following URL:
http://h21007.www2.hp.com/portal/site/dspp/PAGE.template/page.document?ciid=61086d6e1de021106d6e1de02110275d6e10RCRD

On Tru64, truss is installable from the Associated Products CD. Refer to:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=110&prodSeriesId=417329&prodTypeId=18964&objectID=c01686523

For Linux, strace man can be found at the following URL:
http://linux.die.net/man/1/strace

For OpenVMS systems, refer to "set process/sslog" and "analyze/sslog" on-line
helps.