Kernel Systemcall Tracer for Linux
The development of this program is partly supported by IPA
(Information-Technology Promotion Agency, Japan).
What is kstrax?
kstrax (Kernel Systemcall Tracer for Linux) is a tool that records system call information in kernel space. kstrax also analyzes and displays that information in user space.
It can trace every system call executed on the system without any change to the kernel source code. kstrax supports the IA-32 and IA-64 architectures.
kstrax consists of the following two parts:
- Tracer of the system calls.
- Analyzer of the traced log.
The analyzer can display system call information and statistics information.
The following are required to compile and run kstrax:
- Kernel header files necessary for the driver's compilation (kernel-devel package).
kstrax works in the following environment:
- RedHat Enterprise Linux App Server 4 Update 1 (2.6.9-11.ELsmp)
The features of kstrax
Getting systemcall information
kstrax has the following three trace modes:
- all trace mode -- trace all system calls.
- specific trace mode -- trace a specific kind of system call.
- process trace mode -- trace all system calls invoked by a specific process.
Analyzing trace log
kstrax can display trace data as normal system call information, raw mode information, or statistics information. The modes differ as follows:
- normal mode -- pair each call entry with its return entry and display them together.
- raw mode -- display call and return entries separately.
- statistics mode -- display statistics information about the executed system calls.
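The relationship between the three views can be shown in a few lines of Python. This is an added example, not kstrax code: the record layout, field names and sample entries are constructed for illustration and do not reflect kstrax's actual log format, and each pid is assumed to be a single thread with at most one system call outstanding.

```python
from collections import defaultdict

# Constructed records in a hypothetical layout (not kstrax's log format):
# (time_usec, pid, kind, syscall, value); value is args on call, result on return.
RAW = [
    (100, 41, "call", "open", "/etc/passwd"),
    (105, 42, "call", "read", "fd=3"),
    (112, 41, "ret", "open", 3),
    (130, 42, "ret", "read", -11),
    (140, 41, "call", "read", "fd=3"),
    (150, 43, "ret", "write", 8),          # call predates the trace
    (155, 41, "ret", "read", 512),
    (160, 42, "call", "exit_group", "0"),  # never returns
]

def pair_entries(raw):
    """Normal mode: join each return entry to the pending call of the same pid."""
    pending = {}                # pid -> call entry still waiting for its return
    paired, unmatched = [], []
    for entry in sorted(raw, key=lambda e: e[0]):
        ts, pid, kind, name, value = entry
        if kind == "call":
            if pid in pending:  # earlier call never returned
                unmatched.append(pending[pid])
            pending[pid] = entry
            continue
        call = pending.pop(pid, None)
        if call is None or call[3] != name:
            unmatched.append(entry)
            if call is not None:
                unmatched.append(call)
            continue
        paired.append({"pid": pid, "syscall": name, "args": call[4],
                       "ret": value, "usec": ts - call[0]})
    unmatched.extend(pending.values())
    return paired, unmatched

def statistics(paired):
    """Statistics mode: per-syscall call count, error count and total time."""
    stats = defaultdict(lambda: {"calls": 0, "errors": 0, "usec": 0})
    for p in paired:
        s = stats[p["syscall"]]
        s["calls"] += 1
        s["errors"] += 1 if p["ret"] < 0 else 0  # negative return = error
        s["usec"] += p["usec"]
    return dict(stats)

if __name__ == "__main__":
    paired, unmatched = pair_entries(RAW)
    print(paired, unmatched, statistics(paired), sep="\n")
```

Entries that cannot be paired (a return whose call predates the trace, or a call such as exit_group that never returns) are kept in a separate list rather than dropped, so the raw view remains the complete record.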
Example of tracing all system calls on the system.
Example of tracing all system calls invoked by a specific process.
Example of tracing a specific kind of system call (related to files).
Example of graph mode.
All Rights Reserved, Copyright (C) 2006, Hitachi, Ltd.