The posix-omni-parser aims to parse the traced system calls from various interposing utilities (eg strace on Linux, truss on Solaris, dtrace on BSD and Mac OSX) on different POSIX-compliant platforms into a more useful representation.
This module contains the Trace object, which is used to capture all the extracted information from a trace file.Example using this module: import Trace trace = Trace.Trace(path_to_trace) print(trace)
The Trace object represents an entire system call trace, which means that it holds all the information extracted from a system call trace file created by an interposition utility such as the strace utility on Linux, the truss utility on Solaris or the dtrace utility on BSD and OSX platforms.
self.trace_path:
The path to the file containing the traced system calls.
self.tracing_utility:
The detected tracing utility used to generate the trace file, e.g strace.
self.parser:
The parser to use in order to extract the information from the trace file.
The choice of parser depends on the tracing utility used to generate the
trace file, i.e self.tracing_utility.
self.syscalls:
This variable holds all the parsed system calls. It is a list of Syscall
objects returned by the parser.
self.platform:
The platform in which the trace is parsed on (sys.platform). This is
especially useful when creating a trace bundle containing not only the
parsed system calls but also a representation of all the files referenced
in trace file.
The path to a file generated by the strace utility must be passed to the constructor method when initializing a StraceParser object. Then the parse_trace method of the parser can be called, which will return a list of Syscall objects, each containing all the information about a single system call parsed from the strace output file.
Example using this module:
import StraceParser
parser = StraceParser.StraceParser(path_to_trace)
print(parser)
# this will return a list of Syscall objects.
syscalls = parser.parse_trace()
The path to a file generated by the truss utility must be passed to the constructor method when initializing a TrussParser object. Then the parse_trace method of the parser can be called, which will return a list of Syscall objects, each containing all the information about a single system call parsed from the truss output file.
Example using this module: import TrussParser
parser = TrussParser.TrussParser(path_to_trace)
print(parser)
# this will return a list of Syscall objects.
syscalls = parser.parse_trace()
self.original_line:
A string holding the original line from which this object was created.
self.type:
The type of the system call. This can be one of the UNFINISHED, RESUMED or
COMPLETE.
self.pid:
The process id of this system call.
self.name:
The name of the system call.
self.args:
A tuple containing all the arguments of the system call. The value of each
argument can be either a string or wrapped into a more meaningful class.
self.ret:
A tuple holding the return part of the system call. This tuple should
always contain two items. The first one is the return value of the system
call. The second is either a string holding the error label eg "EACCES"
in case the system call had an error or None if the syscall executed
correctly.
self.inst_pointer:
The instruction pointer at the time of the system call.
self.timestamp:
This value can have different formats and content according to the parser
options. For example it can hold a relative timestamp indicating the
interval between the beginning of successive syscalls or it can hold the
time the syscall was executed.
self.elapsed_time:
The time difference between the beginning and the end of the system call.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent