6

I would like to trace the function calls to a particular library, call it libfoo. Unfortunately the documentation I have found on it is sparse, so I have a lot of questions.

In the documentation of libfoo, it lists the calls foo_a, foo_b, foo_c .. as api calls. In a Windows DLL, generating such a call list is easy, each external call must be declared so (dllexport(DLL) or something like that), a simple script would extract all the exported symbols. How would I go about generating such a list for linux shared objects.

Once I generate such a list, how do I go about using it with ltrace to generate a trace of the calls using a particular program. Also how do I expand out the ( C ) string arguments in those calls?

Mouse.The.Lucky.Dog
  • 2,027
  • 2
  • 26
  • 37
  • 1
    Do you want to trace all the functions in libfoo, or just the functions whose names begin with `foo_`? – Mark Plotnick Apr 16 '15 at 16:07
  • You can get a list of all dynamic symbols exported by your library by running `objdump -T` over it. But it looks like you just want ltrace's `-l`? ltrace will show strings up to a default size, but you can expand that with `-s`. Am I missing something here? – Josip Rodin Jul 09 '16 at 14:29

1 Answers1

1

There are some tools you can use to do this; the one that will be immediately available is perf.

Lets say I want to see in real time what's going on with firefox process; I could do perf top -p <pidof firefox>; you will see output such as:

Samples: 802  of event 'cycles', Event count (approx.): 374901537                                                
Overhead  Shared Object                Symbol                                                                    
   1.29%  libpthread-2.21.so           [.] pthread_mutex_unlock
   1.12%  [kernel]                     [k] ksize
   0.84%  firefox                      [.] 0x0000000000012bcc
   0.71%  libpthread-2.21.so           [.] pthread_mutex_lock
   0.64%  [kernel]                     [k] flat_send_IPI_mask
   0.63%  firefox                      [.] 0x0000000000012bdd
   0.61%  libmozsqlite3.so             [.] 0x000000000000cfd0
   0.60%  [kernel]                     [k] page_fault
   0.60%  libxul.so                    [.] 0x000000000233fa58
   0.56%  [kernel]                     [k] nf_nat_ipv4_local_fn

You could then use ? to see what you can do in the interface; you could zoom in to a symbol using d. You can browse details of a map of a symbol to see exact calls of a process.

You probably want to aggregate data; you can use perf record to do that instead of perf top.

There are other tools you can use such as SystemTap or an actual debugger.