top | item 36465947

(no title)

vaughands | 2 years ago

A quick and dirty way to do this is run the program through `strace` and find out what syscall it issues to read it.

I had to do this to figure out where Cold Steel was reading save files from years back: https://vaughanhilts.me/blog/2018/02/16/playing-trails-of-co...

discuss

hoherd|2 years ago

I do this with Brendan Gregg's opensnoop, which is standard on macOS.

https://www.brendangregg.com/blog/2014-07-25/opensnoop-for-l...

https://github.com/brendangregg/perf-tools/blob/master/opens...

userbinator|2 years ago

On Windows, Process Monitor does the same thing --- with the additional feature that, since configuration is often stored in the registry there, it will also show which registry keys it touches.

westurner|2 years ago

  ps wxa | grep <cmd>  # or pgrep
  strace -f -f -e trace=file <cmd> | grep -v '-1 ENOENT (No such file or directory)$'

IIRC there's some way to filter ENOENT messages with strace instead of grep?

Strace: https://en.wikipedia.org/wiki/Strace

msm_|2 years ago

I use quick and dirty greps all the time, even when there is a "better" option available. It just works and is very intuitive in interactive contexts. Probably GP works in a similar way.

rafark|2 years ago

Interesting. I didn’t know you could do this. I can see how this can come in handy. Apparently there’s dtruss as an alternative for OS X.

https://8thlight.com/insights/dtrace-even-better-than-strace...

sharikous|2 years ago

No more. At least with apple Silicon dtrace is completely unusable.

kevincox|2 years ago

I do this much more frequently than I would like. But occasionally you have issues where the program lists a directory then only acts on specific names. So the strace output won't tell you what the expected name is.

EdwardDiego|2 years ago

All that time I spent dicking around with lsof...

p-e-w|2 years ago

strace uses ptrace, which some programs disable with prctl as a security measure.

So while this can be a useful hack, it doesn't always work.

chungy|2 years ago

Can't disable DTrace :)

Though DTrace is "only" available on Windows, Mac OS X, Solaris, illumos, and FreeBSD.

Oracle has relicensed DTrace to be Linux-friendly and even made kernel patches, but it'll probably never end up in the mainline kernel.

patrec|2 years ago

You can use sysdig instead, which doesn't use ptrace[1] and is much faster (as well as generally more pleasant and powerful).

[1]It used to have its own kernel extension but is eEBF based these days.

w4rh4wk5|2 years ago

+1 for putting together that blog post on Cold Steel. Greetings from PH3 ;)

vaughands|2 years ago

Thank you for your efforts!

These days Proton makes a lot of this unnecessary. I hope Trails games will continue to at least function on Linux. :)