Re: How to trace a process with ptrace when it forks a new process ?



On Fri, 25 Jan 2008 00:32:30 +0100 Zheng Da <zhengda1936@xxxxxxxxx> wrote:
| phil-news-nospam@xxxxxxxx wrote:
|> On Thu, 24 Jan 2008 01:27:13 +0100 Zheng Da <zhengda1936@xxxxxxxxx> wrote:
|> | John Reiser wrote:
|> |>> Basically, what I want to do is: to trace a process,
|> |>> to trace its child too, if the process forks a child,
|> |>> and so on.
|> |>
|> |> Examine the source code to the utility program /usr/bin/strace .
|> |> See how strace handles its "-f" commandline option, which
|> |> "follows" all descendants.
|> |>
|> |
|> | Hi,
|> |
|> | The code of strace is quite complex because it supports so many
|> | different systems.
|> | As I understand it, I think strace traces every system call.
|> | In this case, strace can get the pid of the new process.
|> | But I don't want to do it in this way because I don't need to trace
|> | every system call. What I need to trace is when the process forks a new
|> | process and exits.
|> | Are there any better ways?
|>
|> If you ptrace the fork and related calls, you get to know the new PID.
|> The catch is making sure that child process cannot run until your program
|> can start ptracing it as well. If that much can be isolated from strace
|> then you might have your solution.
|>
|> "man ptrace" shows some things to look for. Specifically, some options
|> like PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK, and PTRACE_O_TRACECLONE,
|> that will SIGSTOP the child of the fork.
|>
| This is exactly what I'm interested in.
| I want to use PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK, and
| PTRACE_O_TRACECLONE options.
| I read the code of do_fork() and do_exit() in the kernel.
| There are several very similar pieces of code:
| do_exit(){
|     ...
|     if (unlikely(current->ptrace & PT_TRACE_EXIT)) {
|         current->ptrace_message = code;
|         ptrace_notify((PTRACE_EVENT_EXIT << 8) | SIGTRAP);
|     }
|     ...
| }
| do_fork(){
|     ...
|     if (unlikely (trace)) {
|         current->ptrace_message = nr;
|         ptrace_notify ((trace << 8) | SIGTRAP);
|     }
|     ...
| }
| When I set PTRACE_O_TRACEEXIT options of the traced process, the process
| can receive SIGTRAP signal.
| I set PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK, and PTRACE_O_TRACECLONE
| options, but no signal is received (as the test program in my first
| letter shows).
| Can you tell me why? Where is the problem?
| Or can you show me an example of how to use these options?

I know about these syscalls/options, but I have never used them. I am
considering using them for a coming project (there are some other ways
possible to achieve the goals of the project, so using ptrace is not a
certainty). If something is not working, I cannot say why. I suggest
actually stracing your code that is calling ptrace. Since I can strace
the strace program itself, I assume this can work for your program.

--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
| first name lower case at ipal.net / spamtrap-2008-01-25-2041@xxxxxxxx |
|------------------------------------/-------------------------------------|
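
The options discussed in this thread, shown in an added example that is not part of any poster's message: a tracer that sets PTRACE_O_TRACEFORK, PTRACE_O_TRACEVFORK and PTRACE_O_TRACECLONE during the tracee's first stop and reads each new PID with PTRACE_GETEVENTMSG. The names `tracee` and `follow_forks` are hypothetical, the tracee is constructed for the demonstration, and Linux with glibc is assumed.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed tracee: stops once so the tracer can set options, then forks. */
static void tracee(void)
{
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(2);
    raise(SIGSTOP);
    pid_t p = fork();
    if (p == 0) _exit(0);           /* new child: traced automatically */
    waitpid(p, NULL, 0);
    _exit(0);
}

/* Returns the number of fork/vfork/clone events seen, or -1 on error. */
int follow_forks(pid_t *new_pid)
{
    int status, events = 0;
    pid_t pid, child = fork();
    if (child == -1) return -1;
    if (child == 0) tracee();
    if (waitpid(child, &status, 0) != child || !WIFSTOPPED(status)) return -1;
    /* Options are set while the tracee sits in its first ptrace stop. */
    long opts = PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE;
    if (ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)opts) == -1) {
        kill(child, SIGKILL);
        return -1;
    }
    ptrace(PTRACE_CONT, child, NULL, NULL);
    /* __WALL also reports children created with clone(). */
    while ((pid = waitpid(-1, &status, __WALL)) > 0) {
        if (!WIFSTOPPED(status)) continue;          /* a tracee has exited */
        int sig = WSTOPSIG(status), event = status >> 16;
        if (sig == SIGTRAP && event) {              /* PTRACE_EVENT_* stop */
            unsigned long msg = 0;                  /* PID of the new child */
            ptrace(PTRACE_GETEVENTMSG, pid, NULL, &msg);
            *new_pid = (pid_t)msg;
            events++;
        }
        /* Simplification: never inject SIGTRAP or the attach SIGSTOP. */
        if (sig == SIGTRAP || sig == SIGSTOP) sig = 0;
        ptrace(PTRACE_CONT, pid, NULL, (void *)(long)sig);
    }
    return events;
}
```

The new child is already traced and held in a SIGSTOP stop when the event is reported, so it cannot run before the tracer continues it.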