x86
Reputation: 123
How does strace interpret syscall arguments?
I know it uses ptrace for implementation,
and it can get arguments in registers,
but they're numbers only,
how does strace convert them into literal information?
Is it just hard code for every syscall?
Upvotes: 1
Views: 715
Answers (1)
Chris Dodd
Reputation: 126203
Basically, yes, its hardcoded. If you look at the sourcecode (detail), you can see big tables of system calls and big switch statements that know how to decode all their various arguments and return values for multiple different OSes and CPUs
Upvotes: 2
Related Questions
- How does strace work?
- PTRACE_GET_SYSCALL_INFO always returns info.op as "PTRACE_SYSCALL_INFO_NONE"
- Why does strace ignore some syscalls (randomly) depending on environment/kernel?
- How to use ptrace(2) to change behaviour of syscalls? My example is not working, why?
- Recoding Strace, why I can't catch the "write syscall ?"
- Can strace tell me where in my code a syscall is called?
- What exactly does strace output?
- Syscalls in strace
- Counting syscalls of a program and checking validity of the results with strace
- How to find out what these syscall_983045, syscall_322 syscalls in strace output?