tracexec

A small utility for tracing execve{,at}.

tracexec helps you to figure out what and how programs get executed when you execute a program.

Status:

• Minimum Viable Product. It works, but neither the output nor the CLI is stable.
• Shitty code 💩 with no tests at all 👿.
• Anyway, it should be helpful for debugging and troubleshooting.

Showcases

Default mode

By default, tracexec will print filename, argv and the diff of the environment variables.

example: tracexec log -- bash (In an interactive bash shell)

Reconstruct the command line with --show-cmdline

$ tracexec log --show-cmdline -- <command>
# example:
$ tracexec log --show-cmdline -- firefox

Show the interpreter indicated by shebang with --show-interpreter

And show the cwd with --show-cwd.

$ tracexec log --show-interpreter --show-cwd -- <command>
# example: Running Arch Linux makepkg
$ tracexec log --show-interpreter --show-cwd -- makepkg -f

Installation

From source

Via cargo:

cargo install tracexec

You can also install tracexec from AUR.

Binary

You can download the binary from the release page

You can also install tracexec-bin from AUR.

Usage

Run tracexec in logging mode

Usage: tracexec log [OPTIONS] -- <CMD>...

Arguments:
  <CMD>...  command to be executed

Options:
      --successful-only            Only show successful calls
      --show-cmdline               Print commandline that reproduces what was executed. Note that when filename and argv[0] differs, it probably won't give you the correct commandline for now. Implies --successful-only
      --show-interpreter           Try to show script interpreter indicated by shebang
      --more-colors                More colors
      --less-colors                Less colors
      --show-children              Print a message when a child is created
      --seccomp-bpf <SECCOMP_BPF>  seccomp-bpf filtering option [default: auto] [possible values: auto, on, off]
      --diff-env                   Diff environment variables with the original environment
      --no-diff-env                Do not diff environment variables
      --show-env                   Show environment variables
      --no-show-env                Do not show environment variables
      --show-comm                  Show comm
      --no-show-comm               Do not show comm
      --show-argv                  Show argv
      --no-show-argv               Do not show argv
      --show-filename              Show filename
      --no-show-filename           Do not show filename
      --show-cwd                   Show cwd
      --no-show-cwd                Do not show cwd
      --decode-errno               Decode errno values
      --no-decode-errno            
  -o, --output <OUTPUT>            Output, stderr by default. A single hyphen '-' represents stdout.
  -h, --help                       Print help

The recommended way to use tracexec is to create an alias with your favorite options in your bashrc:

alias tracex='tracexec log --show-cmdline --show-interpreter --show-children --show-filename --'
# Now you can use
tracex <command>

Known issues

• Non UTF-8 strings are converted to UTF-8 in a lossy way, which means that the output may be inaccurate.
• The output is not stable yet, which means that the output may change in the future.
• No tests yet.

Origin

This project was born out of the need to trace the execution of programs.

Initially I simply use strace -Y -f -qqq -s99999 -e trace=execve,execveat <command>.

But the output is still too verbose so that's why I created this project.

Credits

This project takes inspiration from strace and lurk.