Well-formatted and improved trace system calls and signals (when the debugger does not help).

Awesome tools strace and dtruss have only one drawback: too much information which is hard to understand without additional sources of information and various configuration options. ctrace resolves it.

ctrace are indispensable in the following cases

• Debugging complex performance issues or not identified unhandled errors and exceptions in own code or someone else's code
• Learning OS kernel

What do you think how difficult it is to display a hint for using CLI utility, let us say NPM?

> ctrace -c "npm --help"

What we see?! What NPM does to simply display help?

• over 6800 system calls elapsed over 650 msec!
• 7 child processes 😮
• aims to open over 400 files

Сlearly there is something to improve! 💪

• Supported platforms: OSx (dtruss), Linux (strace)
• Trace command or attach to process (with forks following)
• Syscall details in output (number, description, synonyms, is it platform specific syscall)
  pread (preadv), 534 -- read or write data into multiple
• Resolving errno in syscall result
  Err#22 -> EINVAL : Invalid argument (only OSx)
• Prints by default only syscall with errors, with -v prints all output
• Filter output with syscall list -f "lstat,open"

$> npm install -g ctrace

$> ctrace --help

Usage: ctrace [options]

 ctrace - well-formatted and improved trace system calls and signals

 Options:

   -h, --help               output usage information
   -V, --version            output the version number
   -p, --pid [pid]          process id to trace
   -c, --cmd [cmd]          command to trace
   -f, --filter [syscall,]  trace syscall only from list
   -v, --verbose            print all syscalls (by default only with errors)

 Examples:

   $ ctrace -p 2312 -v
   $ ctrace -c "ping google.com"

As you may know Apple released their new OS X revision 10.11 this year with a great security feature built-in: System Integrity Protection. In a nutshell, this mechanism protects any system data and important filesystem components (like /System or /usr) from being modified by user; even if they are root. SIP also disables any use of code-injection and debugging techniques for third-party software, so some of your favorite hacks may not work anymore. ...

Although not recommended by Apple, you can entirely disable System Integrity Protection on you Mac. Here's how:

Boot your Mac into Recovery Mode: reboot it and hold cmd+R until a progress bar appears. Choose the language and go to Utilities menu. Choose Terminal there. Enter this command to disable System Integrity Protection:

$> csrutil disable

It will ask you to reboot — do so and you're free from SIP!

http://internals.exposed/blog/dtrace-vs-sip.html#fnref1