strace snippets

##################################################
# tracing process(es) 
# (scroll down for tracing a service)
##################################################

--------------------------------------------------
the following is assumed for all commands before:
--------------------------------------------------
adb shell

ps |grep whateverproc
--> get the pid (FILLINPID on the next lines)

--------------------------------------------------
execute a binary by strace and output to a file
--------------------------------------------------
strace -tt -y -ff -a 120 -s 600 -o /tmp/strace.log <BINARY>

the following allows to filter before:
strace -tt -y -ff -a 120 -s 600 <BINARY> 2>&1 |grep -v ppoll > /tmp/strace.log

--------------------------------------------------
attach to a running single pid and output to a file
--------------------------------------------------
strace -tt -y -ff -a 120 -s 600 -p FILLINPID -o /tmp/strace.log

the following allows to filter before:
strace -tt -y -ff -a 120 -s 600 -p FILLINPID 2>&1 |grep -v ppoll > /tmp/strace.log

--------------------------------------------------
multiple pids (non-forked ones) at the same time
--------------------------------------------------
check "ARGS EXPLAINED" bc usually this is not needed due to -ff

strace -tt -y -a 120 -s 600 -ff -p FILLINPID1 -p FILLINPID2 -o /tmp/strace.log

again here with a filter:
strace -tt -y -a 120 -s 600 -ff -p FILLINPID1 -p FILLINPID2 2>&1 |grep -v ppoll > /tmp/strace.log

--------------------------------------------------
dynamic (unknown) pid (or when just being lazy)
--------------------------------------------------
<FILL-IN-COMMAND> is what you see in "ps":

strace -y -ff -a 120 -s 600 -tt -p $(ps -A -o pid,command | grep '<FILL-IN-COMMAND>' | egrep -o '[0-9]+')

or without adb shell before (beware of the quotes! requires linux):
adb shell "strace -y -ff -a 120 -s 600 -tt -p \$(ps -A -o pid,command | grep '<FILL-IN-COMMAND>' | egrep -o '[0-9]+')" 2>&1 | egrep -v "ppoll|nanosl|dbfifo"

--------------------------------------------------
PIPE grep (| grep) for all files accessed
--------------------------------------------------
 strace ... 2>&1 | grep -v pmsg | egrep "faccessat|fstatat64|openat|denied|fail"



##################################################
# tracing SERVICE(S)
##################################################

# prepare service, yes even start it!
stop <service-name>
setprop ctl.sigstop_on <service-name>
start <service-name>

# find sigstopped init and attach strace to it
ps -A |grep stop (find the sigstopped init PID : "do_signal_stop")
strace -tt -y -a 120 -s 600 -ff -p <PID> 

or if you want to save the output to a file:
strace -tt -y -a 120 -s 600 -ff -p <PID> -o /sdcard/Download/strace_service.log

# continue starting the service
# open a NEW adb shell and:
kill -SIGCONT <pid of the above sigstopped init>



##################################################
ARGS EXPLAINED
##################################################

-y    : print paths associated with file descriptor arguments
-tt   : print absolute timestamp with usecs
-ff   : follow forks with output into separate files (mainly for "-o" only)
-a    : alignment COLUMN for printing syscall results (default 40)
-s    : limit length of print strings to STRSIZE chars (default 32)
-p    : pid of the process we want to attach to
-o    : output everything to a give file instead of stdin (-ff is recommended then, too)