Tracing calls to a shared library

末鹿安然 提交于 2019-12-04 01:57:02

The tool you are looking for is called ltrace. It allows to trace any call from the program to all (or a set of given) libraries.

For example, the following call will list any call to an external function loaded by a shared library:

$> ltrace ls /
__libc_start_main(0x4028c0, 2, 0x7fff1f4e72d8, 0x411e60 <unfinished ...>
strrchr("ls", '/')                               = nil
setlocale(LC_ALL, "")                            = "en_US.UTF-8"
bindtextdomain("coreutils", "/usr/share/locale") = "/usr/share/locale"
textdomain("coreutils")                          = "coreutils"
__cxa_atexit(0x40a200, 0, 0, 0x736c6974756572)   = 0
isatty(1)                                        = 0
getenv("QUOTING_STYLE")                          = nil
getenv("COLUMNS")                                = nil
ioctl(1, 21523, 0x7fff1f4e6e80)                  = -1
getenv("TABSIZE")                                = nil
getopt_long(2, 0x7fff1, "abcdfghiklmnopqrstuvw:xABCDFGHI:"..., 0x413080, -1) = -1
...
+++ exited (status 0) +++

If you want to focus on a particular library, then you should use the --library=pattern option:

-l, --library library_pattern
    Display only calls to functions implemented by libraries that match
    library_pattern. Multiple library patterns can be specified with several
    instances of this option. Syntax of library_pattern is described in 
    section FILTER EXPRESSIONS.

    Note that while this option selects calls that might be directed to the 
    selected libraries, there's no actual guarantee that the call won't be 
    directed elsewhere due to e.g. LD_PRELOAD or simply dependency ordering.
    If you want to make sure that symbols in given library are actually called,
    use -x @library_pattern instead.

So, for example, getting the list of calls to libselinux.so.1 is done like this:

$ ltrace -l libselinux.so.1 ls /
ls->freecon(0, 0xffffffff, 0x7f78c4eee628, 0)                           = 0
bin dev media root sbin sys usr boot etc home lib lost+found proc run tmp
+++ exited (status 0) +++

Only one call to the function freecon() is taken out this run.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!