How to trace a process for system calls?

Question

I am trying to code a program that traces itself for system calls. I am having a difficult time making this work. I tried calling a fork() to create an instance of itself (the c

Answer 1

you are basically trying to write strace binary in linux, which traces the system calls of the process. Linux provides ptrace(2) system call for this. ptrace system call takes 4 arguement and the first arguement tells what you need to do. OS communicates with the parent process with signals and child process is stopped by sending SIGSTOP. broadly you need to follow below steps.

if(fork() == 0 )

{
    //child process

    ptrace(PTRACE_TRACEME, 0,0, 0);
    exec(...); 
}
else
{

 start:

    wait4(...);

    if (WIFSIGNALED(status)) {
        //done
    }
    if (WIFEXITED(status)) {
       //done
    }
    if(flag == startup)
    {
        flag = startupdone;

        ptrace(PTRACE_SYSCALL, pid,0, 0) ;
        goto start;
    }
    if (if (WSTOPSIG(status) == SIGTRAP) {) {
          //extract the register
          ptrace(PTRACE_GETREGS,pid,(char *)®s,0) 

    }

Note the register reading and interpretation will depend on your architecture. The above code is just an example to get it right you need to dig deeper. have a look at strace code for further understanding.