Question

I'm trying to use strace to understand how a binary program uses memory.

However, the default output of strace, in an attempt to be more user friendly, prints any char * buffers as the respective strings.

read(3, "Tell me, Muse, of that man of ma"..., 4096) = 270

Is there any way to tell strace to print the actual address of the string next to its contents?

If it's not possible to have both, printing only the address of the string instead of its truncated contents would also be ok.

Was it helpful?

Solution 2

You could download the source of strace and modify all these tprintf("%s", ...) to tprintf("%p", ...), and build a local copy of strace.

OTHER TIPS

-e raw=read should do what you want already. There should be no need for source modification.

broadway@creepspread:~% strace -e raw=read ls 2>&1|grep ^read
read(0x3, 0x7fff5ea52e78, 0x340) = 0x340
read(0x3, 0x7fff5ea52e48, 0x340) = 0x340
read(0x3, 0x7fff5ea52e18, 0x340) = 0x340
read(0x3, 0x7fff5ea52de8, 0x340) = 0x340
read(0x3, 0x7fff5ea52ca8, 0x340) = 0x340
read(0x3, 0x7fff5ea52c48, 0x340) = 0x340
read(0x3, 0x7fff5ea52c18, 0x340) = 0x340
read(0x3, 0x7fef1433f000, 0x400) = 0x136
read(0x3, 0x7fef1433f000, 0x400) = 0

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top