The development of this program is partly supported by IPA
(Information-Technology Promotion Agency, Japan).
What is kstrax?
kstrax (Kernel Systemcall Tracer for Linux) is a tool that records system call information in kernel space. It also analyzes and displays that information in user space.
It can trace all system calls executed on the system without any change to the kernel source code. kstrax supports the IA-32 and IA-64 architectures.
kstrax programs
kstrax consists of the following two parts:
Tracer of the systemcall.
Analyzer of the traced log.
The analyzer can display system call information and statistics information.
Compile/Execution environment
The following are required to compile and execute kstrax:
Kernel header files necessary for the driver's compilation (kernel-devel package).
kstrax works in the following environment:
RedHat Enterprise Linux App Server 4 Update 1 (2.6.9-11.ELsmp)
The features of kstrax
Getting system call information
kstrax has the following three trace modes:
all trace mode -- traces all system calls.
specific trace mode -- traces a specific kind of system call.
process trace mode -- traces all system calls invoked by a specific process.
Analyzing trace log
kstrax can display the trace log as normal system call information, raw mode information, or statistics information. The modes differ as follows:
normal mode -- pairs each call entry with its return entry and displays them together.
raw mode -- displays call and return entries separately.
statistics mode -- displays statistics on the executed system calls.
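The relationship between the three display modes, as an added example that is not kstrax code: raw call/return entries are paired per process (normal mode), and the pairs are then aggregated (statistics mode). The record layout, the sample entries and the function names are constructed for illustration, and the sketch assumes one outstanding system call per pid.

```python
from collections import defaultdict

# Constructed sample records; this tuple layout is an assumption, not
# kstrax's real log format: (time_usec, pid, kind, syscall, return_value).
RAW_LOG = [
    (100, 41, "ret", "read", 12),           # its call predates the trace
    (110, 41, "call", "open", None),
    (115, 77, "call", "read", None),        # a second process interleaves
    (130, 41, "ret", "open", 3),
    (140, 41, "call", "write", None),
    (190, 77, "ret", "read", -11),          # negative value = error return
    (200, 41, "ret", "write", 64),
    (210, 77, "call", "exit_group", None),  # never returns
]


def pair_entries(raw):
    """Normal-mode view: join each return entry to the same pid's open call."""
    pending = {}                 # pid -> (call_time, syscall) awaiting a return
    paired, unmatched = [], []
    for time, pid, kind, name, value in raw:
        if kind == "call":
            if pid in pending:   # earlier call from this pid never returned
                unmatched.append((pid, "call", pending[pid][1]))
            pending[pid] = (time, name)
            continue
        start = pending.pop(pid, None)
        if start is not None and start[1] == name:
            paired.append((pid, name, start[0], time, value))
        else:                    # return without a matching call in the log
            unmatched.append((pid, "ret", name))
            if start is not None:
                unmatched.append((pid, "call", start[1]))
    unmatched.extend((pid, "call", name) for pid, (_, name) in pending.items())
    return paired, unmatched


def statistics(paired):
    """Statistics-mode view: per-syscall count, error count and total time."""
    stats = defaultdict(lambda: {"count": 0, "errors": 0, "total_usec": 0})
    for _pid, name, start, end, value in paired:
        entry = stats[name]
        entry["count"] += 1
        entry["errors"] += int(value < 0)
        entry["total_usec"] += end - start
    return dict(stats)


if __name__ == "__main__":
    paired, unmatched = pair_entries(RAW_LOG)
    print(paired, unmatched, statistics(paired), sep="\n")
```

Entries left in the unmatched list are the ones only a raw view still shows: a return whose call predates the trace, and a call such as exit_group that never returns.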