Reputation: 12138
Ptracing Process Trees
I'm looking for code examples on how to use the Linux system call ptrace() to trace system calls of a process and all its child, grandchild, etc processes. Similar to the behaviour of strace when it is fed the fork flag -f.
I'm aware of the alternative of looking into the sources of strace but I'm asking for a clean tutorial first in the hopes of getting a more isolated explanation.
I'm gonna use this to implement a fast generic system call memoizer similar to https://github.com/nordlow/strace-memoize but written in a compiled language. My current code examples I want to extend with this logic is my fork of ministrace at https://github.com/nordlow/ministrace/blob/master/ministrace.c
Upvotes: 0
Views: 295
Answers (1)
Reputation: 8573
RTFM PTRACE_SETOPTIONS with the PTRACE_O_TRACECLONE, PTRACE_O_TRACEFORK and PTRACE_O_TRACEVFORK flags. In a nutshell, if you set it on a process, any time it creates children, those will automatically be traced as well.
Upvotes: 1
Related Questions
- Using ptrace to track all execve() calls across children
- Traversing the process hierarchy of a process in C
- strace associate parent pid to child pid
- Ptrace - communication with child process
- Walking a process tree
- Linux ptrace memory reading & process management
- calling ptrace inside a ptraced Linux process
- How to use Ptrace on Linux to print Call Stack of Other Processes of C++
- How to get a process tree trace/log of a process in linux?
- ptrace'ing of parent process