home | list info | list archive | date index | thread index

[OCLUG-Tech] strace part 2

After looking through my strace output, and I'm looking for answers to the following:

(1) while everything I see output from strace is being performed in the name (number) of the process, some of what I'm seeing is being done by the loader and can't be traced back to source. Can someone confirm this?

(2) I could get strace to dump the address of the call but I'd have to resolve those addresses to see if the address is within an address range of the executable of if its being done by something in shared library of somewhere else. What can I use to help me differentiate a system call invoked directly vs indirectly?

(3) Are the address ranges provided by objdump virtual addresses and can objdump be used to help pick apart the running applications virtual memory map?

(4) where is the virtual memory map for a process documented?


Take advantage of powerful junk e-mail filters built on patented Microsoft® SmartScreen Technology. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*.