As a part of syscall analysis, I would like to find what all syscalls are being invoked in a system from the boot to the shutdown of the system. How would I do this? Need help.
- Isn't there a way to narrow your search? Tracing all syscalls in a system will make it very slow. – myaut, Mar 10, 2015 at 5:01
- Obviously, that could be made by considering only some system calls. – Asish K Sahadevan, Mar 10, 2015 at 5:25
- Not very slow... just stop it. There's a quantum mechanics issue in doing so. What would be the interface to activate such a thing? A system call? If so, should this syscall be traced? If so, aren't we getting in some kind of recursive deep hole? – Luis Colorado, Mar 11, 2015 at 14:06
3 Answers
Take a look at SystemTap. https://sourceware.org/systemtap/
It's a very powerful trace/debug framework. You can easily probe all syscalls with a few lines of stap script.
For example: https://sourceware.org/systemtap/examples/process/syscalltimes
The simplest way to trace the syscalls: when you run the application, run it with the "strace" command; it will list the syscalls that the program or application has used.
1 Comment
I think this will provide good knowledge on tracing syscalls on different runlevels. Actually, this will trace all the user and kernel events, but with this we could trace only syscalls by providing options.
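Added example, not from any of the posts above: once strace output has been saved (for instance with `strace -f -o`), a short Python script can tally which syscalls a process tree made and which ones failed. The sample trace is constructed and `summarize` is a hypothetical helper name; a call split across `<unfinished ...>` and `resumed` lines is counted once.

```python
import re
from collections import Counter

# Constructed sample of `strace -f` output (not captured from a real system).
SAMPLE = """\
1234  execve("/bin/ls", ["ls"], 0x7ffc0 /* 23 vars */) = 0
1234  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
1234  openat(AT_FDCWD, "/nonexistent", O_RDONLY) = -1 ENOENT (No such file or directory)
1234  clone(child_stack=NULL, flags=SIGCHLD) = 1235
1235  read(3,  <unfinished ...>
1234  write(1, "x", 1) = 1
1235  <... read resumed>0x7ffc0, 4096) = -1 EAGAIN (Resource temporarily unavailable)
1235  +++ exited with 0 +++
1234  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1235} ---
1234  wait4(-1, NULL, 0, NULL) = 1235
1234  +++ exited with 0 +++
"""

PID = r"(?:\[pid\s+\d+\]\s+|\d+\s+)?"        # "[pid N] " or "N  " prefix from -f
START = re.compile(PID + r"(\w+)\(")           # a call begins: name(
RESUMED = re.compile(PID + r"<\.\.\. (\w+) resumed>")
FAILED = re.compile(r" = -1 (E[A-Z0-9]+) \(.*\)$")

def summarize(text):
    """Return (calls per syscall, failures per (syscall, errno))."""
    calls, errors = Counter(), Counter()
    for line in text.splitlines():
        line = line.strip()
        m = RESUMED.match(line)
        if m:
            name = m.group(1)      # second half of a call already counted
        else:
            m = START.match(line)
            if not m:
                continue           # signal (---) and exit (+++) lines
            name = m.group(1)
            calls[name] += 1
        err = FAILED.search(line)
        if err:
            errors[(name, err.group(1))] += 1
    return calls, errors

if __name__ == "__main__":
    calls, errors = summarize(SAMPLE)
    for name, n in calls.most_common():
        print(f"{n:5d}  {name}")
    for (name, errno), n in errors.items():
        print(f"{n:5d}  {name} failed with {errno}")
```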