What is this fork?
The purpose of this fork is to make minor fixes that I need for my work on CrashSimulator. Additionally, I've done some reorganizing so this package can be installed as a package and imported without Python path manipulations.
The posix-omni-parser tool aims to parse the traced system calls from various interposing utilities (e.g. strace on Linux, truss on Solaris, dtrace on BSD and Mac OSX) on different POSIX-compliant platforms into a more useful representation.
This module contains the Trace object, which is used to capture all the extracted information from a trace file.
Example using this module:

    import Trace
    trace = Trace.Trace(path_to_trace)
    print(trace)

The Trace object represents an entire system call trace, which means that it holds all the information extracted from a system call trace file created by an interposition utility such as the strace utility on Linux, the truss utility on Solaris or the dtrace utility on BSD and OSX platforms.
self.trace_path: The path to the file containing the traced system calls.
self.tracing_utility: The detected tracing utility used to generate the trace file, e.g. strace.
self.parser: The parser to use in order to extract the information from the trace file. The choice of parser depends on the tracing utility used to generate the trace file, i.e. self.tracing_utility.
self.syscalls: This variable holds all the parsed system calls. It is a list of Syscall objects returned by the parser.
self.platform: The platform on which the trace is parsed (sys.platform). This is especially useful when creating a trace bundle containing not only the parsed system calls but also a representation of all the files referenced in the trace file.

Acts as the parent for all parsers. Defines some abstract methods required by all parsers and some helper methods that can be used by any parser.

Parser Object

This module holds a set of methods needed to parse the output of the strace utility. More information about strace can be found in the manual page on most Linux platforms (man strace).

StraceParser Object
The path to a file generated by the strace utility must be passed to the constructor method when initializing a StraceParser object. Then the parse_trace method of the parser can be called, which will return a list of Syscall objects, each containing all the information about a single system call parsed from the strace output file.
Example using this module:

    import StraceParser
    parser = StraceParser.StraceParser(path_to_trace)
    print(parser)
    # this will return a list of Syscall objects.
    syscalls = parser.parse_trace()

This object is used to describe a system call, holding all the information extracted from the trace file. The same object is used to describe system calls regardless of which utility was used to generate the trace file.

Syscall Object

self.original_line: A string holding the original line from which this object was created.
self.type: The type of the system call. This can be one of UNFINISHED, RESUMED or COMPLETE.
self.pid: The process id of this system call.
self.name: The name of the system call.
self.args: A tuple containing all the arguments of the system call. The value of each argument can be either a string or wrapped into a more meaningful class.
self.ret: A tuple holding the return part of the system call. This tuple should always contain two items. The first one is the return value of the system call. The second is either a string holding the error label, e.g. "EACCES", in case the system call had an error, or None if the syscall executed correctly.
self.inst_pointer: The instruction pointer at the time of the system call.
self.timestamp: This value can have different formats and content according to the parser options. For example, it can hold a relative timestamp indicating the interval between the beginning of successive syscalls, or it can hold the time the syscall was executed.
self.elapsed_time: The time difference between the beginning and the end of the system call.
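
To make the Syscall fields above concrete, here is an added example, not code from posix-omni-parser or this fork: a small stand-alone parser for `strace -f` style lines that fills a record with the same field names and lists the calls that failed. The regular expressions, the `Syscall` namedtuple, `parse_line`, `failed_calls` and the sample lines are assumptions made for illustration; arguments that are structures or arrays are not handled.

```python
import re
from collections import namedtuple

# Field names mirror the Syscall attributes listed above; this is a stand-in, not the project's class.
Syscall = namedtuple("Syscall", "original_line type pid name args ret")

PID = re.compile(r"^(?P<pid>\d+)\s+(?P<body>.*)$")
FORMS = (  # order matters: try the split forms before the complete one
    ("UNFINISHED", re.compile(r"^(?P<name>\w+)\((?P<args>.*?),?\s*<unfinished \.\.\.>$")),
    ("RESUMED", re.compile(r"^<\.\.\. (?P<name>\w+) resumed>\s*,?\s*(?P<args>.*)\)\s+= (?P<ret>.+)$")),
    ("COMPLETE", re.compile(r"^(?P<name>\w+)\((?P<args>.*)\)\s+= (?P<ret>.+)$")),
)
ARG = re.compile(r'"(?:\\.|[^"\\])*"(?:\.\.\.)?|[^,\s][^,]*')  # quoted strings may contain commas

def parse_ret(text):
    """Return (value, error label or None), the two-item shape described for self.ret."""
    parts = text.split()
    try:
        value = int(parts[0], 16 if parts[0].startswith("0x") else 10)
    except ValueError:
        value = parts[0]  # e.g. "?" when the call never returned
    label = parts[1] if len(parts) > 1 and re.fullmatch(r"E[A-Z0-9]+", parts[1]) else None
    return (value, label)

def parse_line(line):
    """Parse one `strace -f` style line; returns None for lines this sketch skips (signals, exits)."""
    m = PID.match(line.strip())
    if not m:
        return None
    for kind, rx in FORMS:
        hit = rx.match(m["body"])
        if hit:
            args = tuple(a.strip() for a in ARG.findall(hit["args"]))
            ret = None if kind == "UNFINISHED" else parse_ret(hit["ret"])
            return Syscall(line, kind, int(m["pid"]), hit["name"], args, ret)
    return None

def failed_calls(lines):
    """(pid, name, error label) for every parsed call whose ret carries an error label."""
    calls = [c for c in map(parse_line, lines) if c]
    return [(c.pid, c.name, c.ret[1]) for c in calls if c.ret and c.ret[1]]

# Constructed sample input, not taken from a real trace.
SAMPLE = [
    '1234 open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)',
    '1234 read(3,  <unfinished ...>',
    '1235 close(4) = 0',
    '1234 <... read resumed> "a,b", 4096) = 3',
]
```

Calling `failed_calls(SAMPLE)` returns the one denied `open`; the UNFINISHED record has `ret` set to None because its return value only appears on the matching RESUMED line.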