有没有办法获得从C标准库中的函数一直到系统调用的完整函数调用链？

有没有办法获得从C标准库中的函数一直到系统调用的完整函数调用链？

调试器就是为此而设计的。调试

echo

$ gdb echo
(gdb) catch syscall 1
Catchpoint 1 (syscall 'write' [1])
(gdb) r
Starting program: /usr/bin/echo 
Downloading separate debug info for /lib64/ld-linux-x86-64.so.2
Downloading separate debug info for system-supplied DSO at 0x7ffff7fc8000                                                               
Downloading separate debug info for /usr/lib/libc.so.6                                                                                  
[Thread debugging using libthread_db enabled]                                                                                           
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Catchpoint 1 (call to syscall write), 0x00007ffff7e9d034 in write () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff7e9d034 in write () from /usr/lib/libc.so.6
#1  0x00007ffff7e1dd4d in _IO_file_write () from /usr/lib/libc.so.6
#2  0x00007ffff7e1c014 in ?? () from /usr/lib/libc.so.6
#3  0x00007ffff7e1ce19 in _IO_do_write () from /usr/lib/libc.so.6
#4  0x00007ffff7e1d353 in _IO_file_overflow () from /usr/lib/libc.so.6
#5  0x0000555555556741 in putchar_unlocked (__c=10) at /usr/include/bits/stdio.h:110
#6  main (argc=<optimized out>, argv=<optimized out>) at src/echo.c:275

您可以使用密件抄送的

stackcount

stackcount-bpfcc -p [pid_of_your_process] t:syscalls:sys_enter_write

在 Ubuntu 上，您可以使用

apt install bpfcc-tools