ktrace
From NetBSD Wiki
ktrace(1) enables kernel trace logging for the specified processes. Kernel
trace data is logged to the file ktrace.out. The kernel operations that
are traced include system calls, namei translations, signal processing,
and I/O.
Once tracing is enabled on a process, trace data will be logged until either the process exits or the trace point is cleared. A traced process can generate enormous amounts of log data quickly; It is strongly suggested that users memorize how to disable tracing before attempting to trace a process. The following command is sufficient to disable tracing on all user owned processes, and, if executed by root, all processes:
$ ktrace -C
The trace file is not human readable - use kdump to decode it.
Examples
Run the command "w", tracing only system calls
$ ktrace -tc w
To read the file ktrace.out, you will need kdump:
$ kdump ktrace.out
2017 1 ktrace CALL execve(0xbfbfe8ac,0xbfbfed7c,0xbfbfed84) 2017 1 ktrace RET execve -1 errno 2 No such file or directory 2017 1 ktrace CALL execve(0xbfbfe8ac,0xbfbfed7c,0xbfbfed84) 2017 1 ktrace RET execve -1 errno 2 No such file or directory 2017 1 ktrace CALL execve(0xbfbfe8ac,0xbfbfed7c,0xbfbfed84) 2017 1 ktrace RET execve -1 errno 2 No such file or directory 2017 1 ktrace CALL execve(0xbfbfe8ac,0xbfbfed7c,0xbfbfed84) 2017 1 w RET execve JUSTRETURN 2017 1 w CALL mmap(0,0x8000,3,0x1002,0xffffffff,0,0,0) 2017 1 w RET mmap -1145135104/0xbbbea000 2017 1 w CALL open(0xbbbfbb3e,0,0xffffffff) 2017 1 w RET open 3 2017 1 w CALL __fstat30(3,0xbfbfec90) 2017 1 w RET __fstat30 0 2017 1 w CALL mmap(0,0x37,1,1,3,0,0,0) 2017 1 w RET mmap -1145139200/0xbbbe9000 2017 1 w CALL close(3) 2017 1 w RET close 0 2017 1 w CALL munmap(0xbbbe9000,0x37) 2017 1 w RET munmap 0 2017 1 w CALL open(0xbfbfe664,0,0) 2017 1 w RET open 3 2017 1 w CALL __fstat30(3,0xbfbfe5ac) 2017 1 w RET __fstat30 0 ...
