Eu investiguei o código-fonte strace 4.9 e achei isto:
{ 3, TD|TF, sys_open, "open" }, /* 5 */
{ 2, TD|TF, sys_creat, "creat" }, /* 8 */
{ 2, TF, sys_link, "link" }, /* 9 */
{ 1, TF, sys_unlink, "unlink" }, /* 10 */
{ 3, TF|TP|SE|SI, sys_execve, "execve" }, /* 11 */
{ 1, TF, sys_chdir, "chdir" }, /* 12 */
{ 3, TF, sys_mknod, "mknod" }, /* 14 */
{ 2, TF, sys_chmod, "chmod" }, /* 15 */
{ 3, TF, sys_chown, "lchown" }, /* 16 */
{ 2, TF, sys_oldstat, "oldstat" }, /* 18 */
{ 5, TF, sys_mount, "mount" }, /* 21 */
{ 1, TF, sys_umount, "oldumount" }, /* 22 */
{ 2, TF, sys_utime, "utime" }, /* 30 */
{ 2, TF, sys_access, "access" }, /* 33 */
{ 2, TF, sys_rename, "rename" }, /* 38 */
{ 2, TF, sys_mkdir, "mkdir" }, /* 39 */
{ 1, TF, sys_rmdir, "rmdir" }, /* 40 */
{ 1, TF, sys_acct, "acct" }, /* 51 */
{ 2, TF, sys_umount2, "umount" }, /* 52 */
{ 1, TF, sys_chroot, "chroot" }, /* 61 */
{ 2, TF, sys_symlink, "symlink" }, /* 83 */
{ 2, TF, sys_oldlstat, "oldlstat" }, /* 84 */
{ 3, TF, sys_readlink, "readlink" }, /* 85 */
{ 1, TF, sys_uselib, "uselib" }, /* 86 */
{ 2, TF, sys_swapon, "swapon" }, /* 87 */
{ 2, TF, sys_truncate, "truncate" }, /* 92 */
{ 2, TF, sys_statfs, "statfs" }, /* 99 */
{ 2, TF, sys_stat, "stat" }, /* 106 */
{ 2, TF, sys_lstat, "lstat" }, /* 107 */
{ 1, TF, sys_swapoff, "swapoff" }, /* 115 */
{ 4, TF, sys_quotactl, "quotactl" }, /* 131 */
{ 3, TF, sys_chown, "chown" }, /* 182 */
{ 2, TF, sys_getcwd, "getcwd" }, /* 183 */
{ 3, TF, sys_truncate64, "truncate64" }, /* 193 */
{ 2, TF, sys_stat64, "stat64" }, /* 195 */
{ 2, TF, sys_lstat64, "lstat64" }, /* 196 */
{ 3, TF, sys_chown, "lchown32" }, /* 198 */
{ 3, TF, sys_chown, "chown32" }, /* 212 */
{ 2, TF, sys_pivotroot, "pivot_root" }, /* 217 */
{ 5, TF, sys_setxattr, "setxattr" }, /* 226 */
{ 5, TF, sys_setxattr, "lsetxattr" }, /* 227 */
{ 4, TF, sys_getxattr, "getxattr" }, /* 229 */
{ 4, TF, sys_getxattr, "lgetxattr" }, /* 230 */
{ 3, TF, sys_listxattr, "listxattr" }, /* 232 */
{ 3, TF, sys_listxattr, "llistxattr" }, /* 233 */
{ 2, TF, sys_removexattr, "removexattr" }, /* 235 */
{ 2, TF, sys_removexattr, "lremovexattr" }, /* 236 */
{ 3, TF, sys_statfs64, "statfs64" }, /* 268 */
{ 2, TF, sys_utimes, "utimes" }, /* 271 */
{ 4, TD|TF, sys_openat, "openat" }, /* 295 */
{ 3, TD|TF, sys_mkdirat, "mkdirat" }, /* 296 */
{ 4, TD|TF, sys_mknodat, "mknodat" }, /* 297 */
{ 5, TD|TF, sys_fchownat, "fchownat" }, /* 298 */
{ 3, TD|TF, sys_futimesat, "futimesat" }, /* 299 */
{ 4, TD|TF, sys_newfstatat, "fstatat64" }, /* 300 */
{ 3, TD|TF, sys_unlinkat, "unlinkat" }, /* 301 */
{ 4, TD|TF, sys_renameat, "renameat" }, /* 302 */
{ 5, TD|TF, sys_linkat, "linkat" }, /* 303 */
{ 3, TD|TF, sys_symlinkat, "symlinkat" }, /* 304 */
{ 4, TD|TF, sys_readlinkat, "readlinkat" }, /* 305 */
{ 3, TD|TF, sys_fchmodat, "fchmodat" }, /* 306 */
{ 3, TD|TF, sys_faccessat, "faccessat" }, /* 307 */
{ 4, TD|TF, sys_utimensat, "utimensat" }, /* 320 */
{ 6, TD|TF, sys_fanotify_mark, "fanotify_mark" }, /* 339 */
{ 5, TD|TF, sys_name_to_handle_at, "name_to_handle_at"}, /* 341 */
{ 5, TD|TF, sys_renameat2, "renameat2" }, /* 353 */
TF significa classe de chamadas de sistema relacionadas ao arquivo usadas por strace .
Observe que esta lista de exemplos é para a arquitetura i386 . A lista pode ser diferente para outras plataformas.
e nomes longos para aulas:
/* Define these shorthand notations to simplify the syscallent files. */
#define TD TRACE_DESC
#define TF TRACE_FILE
#define TI TRACE_IPC
#define TN TRACE_NETWORK
#define TP TRACE_PROCESS
#define TS TRACE_SIGNAL
#define TM TRACE_MEMORY
#define NF SYSCALL_NEVER_FAILS
#define MA MAX_ARGS
#define SI STACKTRACE_INVALIDATE_CACHE
#define SE STACKTRACE_CAPTURE_ON_ENTER
Espero que isso ajude.