pjc50 8 days ago

Plus points for using strace. It's one of those debugging tools everyone knows about for emergencies that can't be solved at a higher level, and a great convenience of using Linux. The Windows ETW system is much harder to use, and I'm not sure if it's even possible at all under OSX security.

throwway120385 8 days ago

I have solved an incredible number of problems just by looking at strace output very carefully. Strace combined with Wireshark or Tcpdump is incredible as a toolset for capturing what a program is doing and for capturing what the effect is either on the USB or the NIC.

mrguyorama 8 days ago

The Chrome folks built https://randomascii.wordpress.com/2015/04/14/uiforetw-window... to improve ETW usability.

You usually don't need that full industrial level tracing though on Windows! Process Monitor is 95% of the solution for most people, and provides very similar functionality to strace, if a lot easier to read.

frizlab 8 days ago

macOS has dtrace which is actually nicer to use. Cannot be used on all processes when SIP is on though.

pjc50 8 days ago

Last time I tried, SIP prevented me from using it on my own processes, but I may have been holding it wrong.

dontlaugh 8 days ago

macOS’s Solaris-inspired dtrace is actually nicer, especially the UI.

pjc50 8 days ago

Is there a guide for how to use this, including the UI, with SIP on?

jntun 8 days ago

Instruments is implemented under-the-hood with dtrace, that could be what they are referring to.

dontlaugh 8 days ago

Yes. Most things run well with Instruments attached. I’ve only used the dtrace cli a few times.