I have an application (the source for which I don’t have), which can be invoked from the command line like this:
$ ./notmyapp
I want to know all the locations where the application is writing to. It outputs some files in the directory it is being called from, but I need to make sure that those are the only files that are created.
So, I need to isolate the application to find out which files it created/edited while it was running.
How can I do this?
Some way using Perl or C or C++? Do any of the standard libraries in these languages have ways to do this?
strace, ktrace/kdump, truss, dtruss, or whatever other program your platform provides for tracing system calls is probably what you’re looking for.
Expect lots of output from any of those. To figure out what files the application is reading and writing to, you might want to limit the output to just a few syscalls, for example:
$ strace -eopen ./notmyapp
The application might also fork off child processes to do some of its work. With most system call tracers, you’ll have to be specific about tracing those child processes as well. With strace, that’d be:
$ strace -f ./notmyapp
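As an added example (not part of the original answer), the following Python sketch post-processes a trace file to list every write-type file access and flag paths outside the directory the program was run from. It assumes the log was produced with `strace -f -e trace=file -o trace.log ./notmyapp`; the sample trace lines and the run directory `/home/user/run` are constructed for illustration.

```python
import os
import re

# Constructed sample in the format written by (assumed invocation):
#   strace -f -e trace=file -o trace.log ./notmyapp
SAMPLE_TRACE = '''\
4242 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4242 openat(AT_FDCWD, "out.dat.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4
4243 open("/tmp/notmyapp.lock", O_RDWR|O_CREAT, 0600) = 5
4243 openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_APPEND) = -1 EACCES (Permission denied)
4242 rename("out.dat.tmp", "out.dat") = 0
4242 mkdir("cache", 0755) = 0
4243 unlink("/tmp/notmyapp.lock") = 0
'''

# Optional "[pid N] " or "N " prefix (added by -f), then syscall(args) = retval
LINE = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
OPENERS = {"open", "openat", "openat2", "creat"}
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND")
MUTATORS = {"mkdir", "mkdirat", "unlink", "unlinkat", "rmdir",
            "rename", "renameat", "renameat2", "truncate"}

def write_events(trace_text):
    """Return [(path, syscall, succeeded)] for every write-type file access."""
    events = []
    for line in trace_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # signal/exit lines and <unfinished ...> halves are skipped
        call, args, ret = m.group(1), m.group(2), int(m.group(3))
        paths = QUOTED.findall(args)
        if call in OPENERS:
            if call != "creat" and not any(f in args for f in WRITE_FLAGS):
                continue  # read-only open
            paths = paths[:1]
        elif call not in MUTATORS:
            continue
        events.extend((p, call, ret >= 0) for p in paths)
    return events

def outside_directory(events, run_dir):
    """Touched paths outside run_dir, failed attempts included. Assumes the
    process never chdir()s or passes a dirfd other than AT_FDCWD."""
    root = os.path.abspath(run_dir)
    full = {os.path.normpath(os.path.join(root, p)) for p, _call, _ok in events}
    return sorted(f for f in full if os.path.commonpath([root, f]) != root)
```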