strace

Program on Linux (and maybe other flavours of UN*X?) to run a command, logging all syscalls and signals. This is an incredibly useful tool sometimes, but you always need to grep the output to find what you're looking for.

Applications include:

• Reverse engineering.
• Debugging problems that are in third-party code for which you don't have source code.
• Hacking.
• Cracking (sorry).

If you're afraid of that last application, don't delete strace! Your problem isn't there, it's in the kernel hooks which let the program do its work! In other words, the bad guys can just bring their own version, while the good guys have been deprived of an important tool.

On most other UN*X systems, what is called strace does something else completely. On Solaris, Sun at least give you truss, which does what strace does.

FreeBSD has ktrace, which is similar to strace but much more painful to use because it creates a binary trace file that you have to interpret in a second pass.

strace is also my primary performance optimization tool, which may seem strange, but a large percentage of performance problems can be tracked to too many read or write or other system calls.

strace also has facilities for tracking how long each system call took, and even summarizing the total amount of time spent per system call.