extrace is a command-line tool that traces the exec() system calls made by a process. exec() is the system call used to execute a new program, replacing the current process. It is how other programs, scripts, and commands are typically run.
extrace does this by monitoring the process's system calls and printing a line of output to the terminal every time it detects an exec() call. Each line includes the process ID of the process that made the call, the path to the program that was executed, and any command-line arguments passed to the program.
extrace can be useful for understanding how a process works and what it is doing. It can also be used to troubleshoot issues with a process, and to understand what other programs or commands are being executed by a process.
If you encounter the following error when running extrace:
extrace: command not found
install the extrace package for your distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install extrace |
| Ubuntu | apt-get install extrace |
| Kali Linux | apt-get install extrace |
extrace Command Examples
1. Trace all program executions occurring on the system:
# sudo extrace
2. Run a command and only trace descendants of this command:
# sudo extrace command
3. Print the current working directory of each process:
# sudo extrace -d
4. Resolve the full path of each executable:
# sudo extrace -l
5. Display the user running each process:
# sudo extrace -u
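As an added example (not part of the original page or the extrace project), the shell function below filters extrace output for programs started from world-writable directories. It assumes the `PID path arguments` line layout described above, with paths resolved by `-l`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed input line format (optionally indented for child processes):
#   PID /resolved/path/to/exe arg1 arg2 ...

# Reads extrace lines on stdin; prints "PID<TAB>kind<TAB>path" per hit.
flag_writable_dir_execs() {
    awk '
        function writable(p) { return p ~ /^\/(tmp|var\/tmp|dev\/shm)\// }
        # Skip lines that do not start with a numeric PID (blank lines, errors).
        $1 !~ /^[0-9]+$/ { next }
        # Field 2 is the executable itself; a plain argument such as
        # "ls /tmp/build" must not count as a hit.
        writable($2) { printf "%s\texec\t%s\n", $1, $2; next }
        # For common interpreters, check only the first non-option argument
        # (the script path, or the command string after -c).
        $2 ~ /\/(sh|bash|dash|perl|python3?)$/ {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^-/) continue
                if (writable($i)) printf "%s\tscript\t%s\n", $1, $i
                break
            }
        }
    '
}

# Constructed sample output, not captured from a real system.
sample_trace() {
    cat <<'EOF'
4101 /usr/bin/make all
  4102 /usr/bin/cc -O2 -c main.c
  4103 /bin/ls /tmp/build
4120 /bin/sh -c /tmp/.cache/update
  4121 /tmp/.cache/update --quiet
4130 /dev/shm/run.sh
4140 /usr/bin/python3 /home/dev/app.py /tmp/in.csv
EOF
}

# Demo on the sample; for live use: sudo extrace -l | flag_writable_dir_execs
sample_trace | flag_writable_dir_execs
```

The directory list and interpreter names are starting points to adjust per host; build systems and package managers that legitimately execute from /tmp will also appear in the output.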