About System Calls and Programs

[klose86]

Maybe this is pretty simple, perhaps Not. I wrote a simple program that runs any application in Linux, calling it right from the console.
Now, I need to keep track of every single system call used by the application that my program's running. I've investigated a little, but still dont know how to do that exactly.

Any idea??

Thanks for your help, I truly appreciate it.

 

[Salem]

Sounds like you want trace

The command line tool

http://www.die.net/doc/linux/man/man1/strace.1.html

The underlying API call

http://www.die.net/doc/linux/man/man2/ptrace.2.html

--
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.

 

[klose86]

First of all, sorry for the delayed post and thanks a lot to SALEM for the reply.


OK, I did some investigation about ptrace.h and now I'm pretty sure thats the library I need to accomplish what I want.

Now, I found this code somewhere, seems to work fine, but when I compile it with GCC the variable ORIG_EAX, EAX and all those related to registers are not recognized.

#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/user.h>
#include <sys/syscall.h>   /* For SYS_write etc */
int main()
{   pid_t child;
    long orig_eax, eax;
    long params[3];
    int status;
    int insyscall = 0;
    child = fork();
    if(child == 0) {
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        execl("/bin/ls", "ls", NULL);
    }
    else {
       while(1) {
          wait(&status);
          if(WIFEXITED(status))
              break;
          orig_eax = ptrace(PTRACE_PEEKUSER, 
                     child, 4 * ORIG_EAX, NULL);

             if(insyscall == 0) {    
                /* Syscall entry */
                insyscall = 1;
                params[0] = ptrace(PTRACE_PEEKUSER,
                                   child, 4 * EBX, 
                                   NULL);
                params[1] = ptrace(PTRACE_PEEKUSER,
                                   child, 4 * ECX, 
                                   NULL);
                params[2] = ptrace(PTRACE_PEEKUSER,
                                   child, 4 * EDX, 
                                   NULL);
                printf("Write called with "
                       "%ld, %ld, %ld\n",
                       params[0], params[1],
                       params[2]);
                }
          else { /* Syscall exit */
                eax = ptrace(PTRACE_PEEKUSER, 
                             child, 4 * EAX, NULL);
                    printf("Write returned "
                           "with %ld\n", eax);
                    insyscall = 0;
                }

            ptrace(PTRACE_SYSCALL, 
                   child, NULL, NULL);
        }
    }
    return 0;
}

Everything seems to be working fine, except for those variables related to registers, from user.h.

Any idea??

OK, hope i made myself clear, THANKS A LOT FOR THE HELP.