AIX 5.1 and later ship the truss tool, but the common AIX 4.3 and earlier releases do not have it. I searched online and found the following:
Re: How to trace system level call in AIX
- To: Vuln-Dev <VULN-DEV@securityfocus.com>
- Subject: Re: How to trace system level call in AIX
- From: Michael Wojcik <Michael.Wojcik@microfocus.com>
- Date: Wed, 19 Dec 2001 07:27:49 -0800
There's a third-party product for AIX 4 (and 3) which is similar to truss: sctrace, from SevOne Software. It's quite good, but you do have to pay for it.

AIX's trace facility is actually quite powerful (you can do some interesting things if you dig into its innards and rewrite the template file), but it's not nearly as convenient for quick tracing of a single process as truss/ltrace/sctrace.

Michael Wojcik 402 438-7842
Software Systems Developer
Micro Focus

> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Tuesday, December 18, 2001 4:13 PM
> To: Minchu Mo
> Cc: vuln-dev@securityfocus.com
> Subject: Re: How to trace system level call in AIX
>
>
> On Mon, 17 Dec 2001 20:36:12 GMT, Minchu Mo <morris_minchu@iwon.com> said:
> > Something like truss in solaris, ltrace in linux. Anybody
> > know the command used to trace system call in AIX?
>
> AIX 5.1 has 'truss'.
>
> AIX 4.3.3 and earlier you can use the 'trace' command - but it's a pain
> because it's a system-level trace from which you can then extract the
> information for the process you cared about.
>
> --
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech

Then I found this as well, but it fails with an error when I run it:
truss Command
Audience: Administrators
Date: June 22, 2001
The "truss" utility traces system calls. It's a popular System V tool that allows administrators to identify performance bottlenecks within applications.
The truss command is available in AIX starting at version 5.1. The following shell script emulates the truss functionality in AIX 4.3.
```ksh
#!/bin/ksh
# Name: truss.sh
# Purpose: to make AIX trace look like the truss command
# Caveat: Unsupported tool. Use at your own risk.

show_usage() {
    echo "Usage: $0 [-P] [-n] [-p pid] [-t tempfile][-s sleeptime | command]"
    echo "  -P           show process id's in the output"
    echo "  -n           show process names in the output"
    echo "  -p pid       trcrpt only for this pid"
    echo "  -s seconds   trace for period of time"
    echo "  -t tempfile  path name to file that will be used for trace"
    echo "  command      execute this command and stop trace\c"
    echo " after command is done.\n"
    exit 0
}

[ "$#" = 0 ] && show_usage
set -- `getopt t:s:p:nP "$@"` || show_usage

# Trace log file; -t overrides the default
tracefile=trace.out

while :; do
    case $1 in
        -s) sleeptime=$2
            shift 2;;
        -p) pid=$2
            shift 2;;
        -t) tracefile=$2    # consume -t so the option loop always advances
            shift 2;;
        -n) EXEC="exec=on,"
            shift;;
        -P) PIDNUM="pid=on,"
            shift;;
        --) shift
            break;;
    esac
done

command="$*"
# A sleep time and a command are mutually exclusive
[ -n "$command" -a -n "$sleeptime" ] && show_usage
[ -n "$pid" ] && PID="-p $pid"

# Trace hook IDs to collect (passed to trace -j). The continuation lines
# must start in column 0 so no whitespace ends up inside the list.
hooks="101,104,107,106,134,139,15B,130,19C,163,169,120,122,108,12E,14C,154,\
152,15F,14E,137,135,13A,19B,13E,174,175,176,177,178,179,17A,17B,17D,17E,\
17F,1A7,1A8,1A4,1A5,1A6,180,18F,195,18E,1A9,1AA,1AC,1AB,1F0,1AF,1AE,1AD"

# Start the trace daemon with the given log and buffer sizes;
# -d defers collection until trcon is issued
do_trace() {
    logsize=$1; bufsize=$2
    trace -n -a -L $logsize -T $bufsize -j $hooks -do "$tracefile" || return $?
}

do_trace 8000000 4000000 || {
    echo "You do not have privilege as this uid to allocate a large trace buffer"
    echo "Trying with a smaller buffer, but you may lose data"
    do_trace 8000000 1000000 || {
        echo "You do not have privilege as this uid to allocate a large trace buffer"
        trcstop
        exit 1
    }
}

trcon
if [ -n "$sleeptime" ]; then
    sleep $sleeptime
else
    $command    # run the command
fi
# do whatever you want here
trcstop

# Format the collected trace, optionally restricted to one pid
trcrpt -k 106 ${PID} -h -O ${EXEC}${PIDNUM}ids=0,timestamp=3 "$tracefile"  # > trcrpt.out
```