What's New!

Chat with

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 


Meet the 
Happy Hacksters 

Help for 



It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Shell Programming: Batch Files,continued...

Next? Next!


(store this script as "trace")

# store all calls into the OS in a file
# and call an editor afterwards to examine
# the calls

fname=$(basename $1)
echo "----------------------------------------------------------------"
echo "writing trace to /tmp/TRACE-$fname/#tracefile.$fname"
echo "----------------------------------------------------------------"
rm -fr "/tmp/TRACE-$fname"
mkdir -p "/tmp/TRACE-$fname"
strace -ff -v -x -a 40 -o /tmp/TRACE-$fname/$fname $*
cd "/tmp/TRACE-$fname"
for i in $(ls [^\#]* )
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" >> \
  echo "$i" >> "/tmp/TRACE-$fname/#tracefile.$fname"
"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" >> \
  cat $i >> "/tmp/TRACE-$fname/#tracefile.$fname"
  gzip $i

if test $TERM="linux"
    jed "/tmp/TRACE-$fname/#tracefile.$fname"
    xjed "/tmp/TRACE-$fname/#tracefile.$fname"

        WARNING!!! This shell script only works if you are logged in as root.  And sometimes it fails for some (unknown) reasons. I have used strace  version 3.1 for this one. Jed or the X-window version XJed are editors.  All other ASCII editors will also work. If your editor comes in a console and a X-windows version, you first has to check the environment variable "$TERM".

Log in your box and start "X". Start a shell and type

echo "$TERM"

        You will get something like "linux", "xterm" or so. please insert this:

     if test $TERM="linux"

        Instead of the word "linux".

        But let's start right from the beginning!

        The first line calls a tool called "basename". This one strips off all directory stuff from a fully specified path.  Example: Type:

echo `basename /usr/local/bin/xterm`

        And it will print


        Got it? OK, the result of basename is stored into a variable called fname (stands for "filename").  The echoes there print out some useful hints. Then a FORCED and RECURSIVE call of rm (remove) is done to remove a previous stored file of this script in /tmp/.



Be very careful here! This script only works if your are logged in as root. And as root, you have "the right" to delete ALL files of the system. If you mistype something, for example you accidentally wrote

   rm -rf / tmp/..........

instead of

   rm -rf /tmp/......

the call of the script will kill your system in microseconds. Better to insert a

   rm -ir /tmp/......

for testing the script. This will ask you for each file to delete, before it is gone.



You can go to jail warning: This is a perfect example of why people don't like strangers getting root on their computers!  You may think you are quietly sneaking around learning lots of stuff.  Let's say you run this script because you would like to trace system calls and YOU BLOW IT BIG TIME.  RM STAR CITY!  The Feds want your head!  Run this script on your own computer and be sure it is backed up first!


        Right after the rm a mkdir command creates a new directory in /tmp/ with the name TRACE-<name of the program to trace>

        Now the most mystic call to strace. What does strace? Strace is a tool to trace all calls into the OS of a certain program. What can it be used for? Imagine: You have installed a new program, but calling this program only produces the output

library not found, aborting

        That's it. Grmmphhh...

        And now? Strace! Strace will write down (or print) all calls into the OS of the newly installed program, so all OPEN commands will be traced, too (check "man open" !!!). If an open to a library, which is not or wrongly installed at your system will fail, you will see it in the trace file, which is written to /tmp/TRACE-<new program>

        Handy tool, isn't it?  Just be sure not to kill your system, OK? Now back to the script. First look for the bunch of options given to strace in the man pages.

        If a program calls another program, this is called a subprocess. Strace not only traces the calls into the OS of the main program, it can be configured to trace also the subprocesses of this main program. Each trace of a subprocess is written into an extra file.

        All those files are written into the /tmp/TRACE-<name of the program> directory. Now the for-loop in the script collects all files and concatenates them into one big file. After all this an editor is called to display the trace. This happens, if the program to be traced has been finished.

        OK, folks, are you beginning to feel like Uberhackers?  OK, maybe you have a few years of programming ahead of you to be an Uberhacker.  But if you are managing to write and run hacking programs now, you are already heading for the big time.  Congratulations!

        This Guide was written by Meino Christian Cramer <root@solfire.ludwigsburg.netsurf.de> with a few obnoxious but hopefully informative additions by Carolyn Meinel.  If you have questions, please email Meino and not Meinel!


Where are those back issues of GTMHHs and Happy Hacker Digests? Check out the official Happy Hacker Web page at http://www.happyhacker.org. We are against computer crime. We support good, old-fashioned hacking of the kind that led to the creation of the Internet and a new era of freedom of information. So don't email us about any crimes you have committed!

© 1998 Meino Christian Cramer and Nezah. You may forward, print out or post this GUIDE TO (mostly) HARMLESS HACKING on your Web site as long as you leave this notice at the end.

Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Visit this group


Return to the index of Guides to (mostly) Harmless Hacking!

 © 2013 Happy Hacker All rights reserved.