
Force all user processes to be ptraced

March 31

I'm implementing a ptrace-based tool for logging system call use. It is much simpler than strace, but I'm doing this so I can learn how these tools work. I'd like to trace all user processes from the time they're created. Can it be achieved with ptrace?


New processes are created with system calls, namely fork(), vfork() and clone(). These days, the C functions corresponding to these calls are implemented with an underlying call to clone() (the actual system call, as seen from the kernel), but the two other system calls are still there and could be invoked by any process with a simple bit of assembly.

To trace all user processes, you just have to use ptrace(), and intercept these calls, so that you can attach to new processes immediately after their creation. That's how strace works.
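
The approach described in the answer, as an added example that is not part of the original post: a Linux tracer that starts one command and lets the kernel auto-attach it to every process or thread the command creates through fork(), vfork() or clone(). The names `stop_kind`, `classify` and `trace_tree` are hypothetical, and the code assumes a kernel and glibc that provide `PTRACE_O_EXITKILL`; it logs each syscall stop by PID without decoding registers.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>
enum stop_kind { ST_GONE, ST_SYSCALL, ST_NEW_CHILD, ST_OTHER_EVENT, ST_SIGNAL };
/* Decode a waitpid() status from a tracee that has PTRACE_O_TRACESYSGOOD set. */
enum stop_kind classify(int status) {
    if (!WIFSTOPPED(status)) return ST_GONE;              /* exited or killed */
    if (WSTOPSIG(status) == (SIGTRAP | 0x80)) return ST_SYSCALL;
    if (WSTOPSIG(status) != SIGTRAP) return ST_SIGNAL;
    int ev = status >> 16;                                /* PTRACE_EVENT_* code */
    if (ev == PTRACE_EVENT_FORK || ev == PTRACE_EVENT_VFORK || ev == PTRACE_EVENT_CLONE)
        return ST_NEW_CHILD;
    return ev ? ST_OTHER_EVENT : ST_SIGNAL;               /* ev == 0: a real SIGTRAP */
}
/* Run argv under trace and follow every descendant; returns processes seen, -1 on error. */
int trace_tree(char *const argv[]) {
    int status, procs = 1;
    pid_t pid = fork();
    if (pid == 0) {
        /* Become a tracee, then park until the tracer has set its options. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0 || raise(SIGSTOP) != 0) _exit(126);
        execvp(argv[0], argv);
        _exit(127);
    }
    long opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL |
                PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK | PTRACE_O_TRACECLONE;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status) ||
        ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) return -1;
    ptrace(PTRACE_SYSCALL, pid, NULL, NULL);
    while ((pid = waitpid(-1, &status, __WALL)) > 0) {    /* any tracee, threads too */
        unsigned long sig = 0, child = 0;                 /* sig: signal to deliver on resume */
        switch (classify(status)) {
        case ST_GONE: continue;                           /* nothing left to resume */
        case ST_SYSCALL: fprintf(stderr, "[%d] syscall entry/exit\n", (int)pid); break;
        case ST_NEW_CHILD:                                /* kernel already attached us to it */
            ptrace(PTRACE_GETEVENTMSG, pid, NULL, &child);
            fprintf(stderr, "[%d] created %lu\n", (int)pid, child);
            procs++; break;
        case ST_SIGNAL:     /* simplification: SIGSTOP (a new tracee's first stop) is dropped */
            sig = WSTOPSIG(status) == SIGSTOP ? 0 : WSTOPSIG(status); break;
        case ST_OTHER_EVENT: break;                       /* e.g. PTRACE_EVENT_EXEC */
        }
        ptrace(PTRACE_SYSCALL, pid, NULL, (void *)sig);
    }
    return procs;
}
int main(int argc, char **argv) { return argc > 1 && trace_tree(argv + 1) > 0 ? 0 : 1; }
```

Inherited tracing covers only the descendants of the command started here; processes that already exist are outside its reach.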

Copyright (C) 2018 ceus-now.com, All Rights Reserved.