Using ltrace and strace

There comes a time in every binary analysis where we need to see the library calls and system calls within a binary to help round out our analysis tasks—enter ltrace and strace. These two tools, when used effectively, provide valuable information for the dynamic analysis phase of our methodology. The ltrace tool will give us information about the library calls as the binary runs to completion, while also giving us options to review the system calls that the binary uses. A similar tool, called strace, lets us look at the system calls made by a running process. Both of these tools are extremely useful on pesky binary analysis CTF challenges and potentially malicious binaries. Just remember that these tools fall under the dynamic analysis phase of our methodology, and as such, we need to make sure we're using these tools against a binary in a sandboxed environment, such as a locked-down virtual machine.

This recipe will cover two tools at once, due to similar functionality within both. We'll start with using ltrace and then will move on to using strace. For each tool, we'll cover as many useful arguments as possible while making sure to also include situations where we can use specific arguments over others. By the end of this recipe, you should have a great grasp on how to use these tools in your binary analysis tasks.
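Raw strace output gets long quickly, so the first thing an analyst usually does is reduce a trace to the calls that matter for triage (files opened, programs executed, network connections, failed calls). The following Python script is an added example, not part of this recipe; it parses constructed `strace -f -o` style lines (the PIDs, paths and the 203.0.113.10 address are made up) and summarizes them.

```python
import re
from collections import Counter

# Constructed sample of `strace -f -o trace.txt ./sample` output for illustration;
# PIDs, paths and the 203.0.113.10:4444 endpoint are made up, not from a real run.
SAMPLE_TRACE = """\
4242 execve("./sample", ["./sample"], 0x7ffd1234 /* 20 vars */) = 0
4242 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4242 openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
4242 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 4
4242 connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 ECONNREFUSED (Connection refused)
4242 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD, child_tidptr=0x7f) = 4243
4243 execve("/bin/sh", ["sh", "-c", "id"], 0x55 /* 20 vars */) = 0
4243 +++ exited with 0 +++
4242 exit_group(0) = ?
4242 +++ exited with 0 +++
"""

# One strace -f line: "<pid> <syscall>(<args>) = <retval> [ERRNO (message)]"
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\w+|\?)(?P<tail>.*)$")
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')          # first quoted string argument
SOCK_RE = re.compile(r'htons\((\d+)\).*inet_addr\("([\d.]+)"\)')  # IPv4 sockaddr

def parse_trace(text):
    """Turn strace -f output into event dicts; +++ status lines and fragments are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ret, tail = m.group("ret"), m.group("tail").strip()
        errno = tail.split()[0] if ret.startswith("-") and tail else None
        events.append({"pid": int(m.group("pid")), "call": m.group("call"),
                       "args": m.group("args"), "ret": ret, "errno": errno})
    return events

def summarize(events):
    """Pull out what triage looks at first: files, execs, network endpoints, failed calls."""
    report = {"counts": Counter(), "files": [], "execs": [], "connects": [], "failed": []}
    for ev in events:
        report["counts"][ev["call"]] += 1
        s = STR_RE.search(ev["args"])
        if ev["call"] in ("open", "openat") and s:
            report["files"].append(s.group(1))
        elif ev["call"] == "execve" and s:
            report["execs"].append((ev["pid"], s.group(1)))   # child PIDs show spawned programs
        elif ev["call"] == "connect":
            sm = SOCK_RE.search(ev["args"])
            if sm:
                report["connects"].append((sm.group(2), int(sm.group(1))))
        if ev["errno"]:
            report["failed"].append((ev["call"], ev["errno"]))
    return report
```

Run `summarize(parse_trace(open("trace.txt").read()))` against a real `strace -f -o trace.txt` capture from the sandbox to get the same report.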
