ptrace - Linux


  1. ptrace

    Hello,
    I'm trying to write some sort of tracing app. The idea is to walk with
    the program through every system call and print/time along the way.
    (Never mind strace, I know about it, I just wanna do something by hand.)

    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0, 0, 0);
        execl(argv[1], argv[1], NULL);
    } else {
        wait(&status);

        while (1) {
            ptrace(PTRACE_SYSCALL, pid, 0, 0);
            wait(&status);
            ptrace(PTRACE_GETREGS, pid, 0, &regs);
            orig_syscall = regs.orig_eax;
            printf("syscall(eax) = %ld\t", orig_syscall);
            printf("edx = %ld\t", regs.edx);
            printf("ebx = %ld\n", regs.ebx);
        }
    }

    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return 0;


    The problem is I'm not catching the syscalls. Also, is there another
    way to test the usage of syscalls?

    Thank you

  2. Re: ptrace

    On Mar 9, 6:55 pm, "itendtoinfin...@gmail.com"
    wrote:

    > I'm trying to write some sort of tracing app. The idea is to walk with
    > the program through every system call and print/time along the way.
    > (Never mind strace, I know about it, I just wanna do something by hand.)


    Since you're trying to precisely replicate 'strace's functionality,
    you can look at its source code to learn how to do it.

    DS

  3. Re: ptrace

    On Sun, 9 Mar 2008 22:56:13 -0700 (PDT) David Schwartz wrote:
    | On Mar 9, 6:55 pm, "itendtoinfin...@gmail.com"
    | wrote:
    |
    |> I'm trying to write some sort of tracing app. The idea is to walk with
    |> the program through every system call and print/time along the way.
    |> (Never mind strace, I know about it, I just wanna do something by hand.)
    |
    | Since you're trying to precisely replicate 'strace's functionality,
    | you can look at its source code to learn how to do it.

    Is there something simpler than strace for use as an example? Or is it
    the case that usage of ptrace() implies the need to do things as complex
    as strace does them? IMHO, strace is not a good example of how to call
    ptrace(). Instead, it is a good example of how to elaborately portray
    what is going on with those ptrace() calls. For someone wanting to do
    the former, which I understand describes the OP, something simpler would
    serve better.

    --
    |---------------------------------------/----------------------------------|
    | Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
    | first name lower case at ipal.net / spamtrap-2008-03-11-2045@ipal.net |
    |------------------------------------/-------------------------------------|

  4. Re: ptrace

    On Mar 11, 6:47 pm, phil-news-nos...@ipal.net wrote:
    > On Sun, 9 Mar 2008 22:56:13 -0700 (PDT) David Schwartz wrote:
    > | On Mar 9, 6:55 pm, "itendtoinfin...@gmail.com"
    > | wrote:
    > |
    > |> I'm trying to write some sort of tracing app. The idea is to walk with
    > |> the program through every system call and print/time along the way.
    > |> (Never mind strace, I know about it, I just wanna do something by hand.)
    > |
    > | Since you're trying to precisely replicate 'strace's functionality,
    > | you can look at its source code to learn how to do it.
    >
    > Is there something simpler than strace for use as an example?


    Not if you want to do what 'strace' does.

    > Or is it
    > the case that usage of ptrace() implies the need to do things as complex
    > as strace does them? IMHO, strace is not a good example of how to call
    > ptrace(). Instead, it is a good example of how to elaborately portray
    > what is going on with those ptrace() calls. For someone wanting to do
    > the former, which I understand describes the OP, something simpler would
    > serve better.


    I think the OP wants to do exactly what 'strace' does. "the idea is to
    walk with the program through every system call and print/time along
    the way". I suppose it depends what he means by "walk with the
    program".

    In any event, looking at 'strace' is the obvious thing to do, and if
    it failed the OP in some way, he needs to explain how. Otherwise,
    he'll get the obvious answer.

    DS
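
A minimal PTRACE_SYSCALL tracer of the kind the thread asks about, as an added example that is not part of any post above. It assumes x86-64 Linux (so `orig_rax`/`rax` replace the 32-bit `orig_eax`/`eax` of the first post), and `trace_syscalls` is a hypothetical name. Unlike the loop in the first post, it checks each wait status for child exit and uses PTRACE_O_TRACESYSGOOD to tell syscall stops from signal stops.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example; assumes x86-64 Linux. trace_syscalls() is a hypothetical name.
 * Returns the number of syscalls entered (-1 on error); exit code in *exit_code. */
int trace_syscalls(char *const argv[], int *exit_code)
{
    int status, sig = 0, stops = 0;
    struct user_regs_struct regs;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        ptrace(PTRACE_TRACEME, 0L, 0L, 0L);
        execv(argv[0], argv);       /* on success the child stops with SIGTRAP */
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* Report syscall stops as SIGTRAP|0x80 so real signals can be told apart. */
    if (ptrace(PTRACE_SETOPTIONS, pid, 0L, (long)PTRACE_O_TRACESYSGOOD) < 0) return -1;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, 0L, (long)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (!WIFSTOPPED(status)) {  /* tracee exited or was killed */
            *exit_code = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
            return (stops + 1) / 2;
        }
        sig = WSTOPSIG(status) == (SIGTRAP | 0x80) ? 0 : WSTOPSIG(status);
        if (sig) continue;          /* real signal: re-inject it on resume */
        if (ptrace(PTRACE_GETREGS, pid, 0L, &regs) < 0) return -1;
        if (stops++ % 2 == 0)       /* stops alternate: entry, exit, entry, ... */
            fprintf(stderr, "syscall %lld(%#llx, %#llx, %#llx)",
                    (long long)regs.orig_rax, regs.rdi, regs.rsi, regs.rdx);
        else
            fprintf(stderr, " = %lld\n", (long long)regs.rax);
    }
}

int main(int argc, char *argv[])
{
    int code = 0;
    int n = argc > 1 ? trace_syscalls(&argv[1], &code) : -1;
    fprintf(stderr, "\n%d syscalls, exit code %d\n", n, code);
    return n < 0;
}
```

Run it with the full path of the program to trace, since `execv` does not search `PATH`.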
