Kernel: Add a systrace() syscall and implement /bin/strace using it.

Calling systrace(pid) gives you a file descriptor with a stream of the syscalls made by a peer process. The process must be owned by the same UID who calls systrace(). :^)
2025-07-27 00:27:45 +00:00 · 2019-04-22 18:44:45 +02:00 · 2019-04-22 18:44:45 +02:00 · 5c68929aa1
commit 5c68929aa1
parent 6693cfb26a
12 changed files with 188 additions and 1 deletions
--- a/Kernel/ProcessTracer.h
+++ b/Kernel/ProcessTracer.h
@ -0,0 +1,36 @@
+#pragma once
+
+#include <AK/Retainable.h>
+#include <AK/Retained.h>
+#include <AK/CircularQueue.h>
+#include <Kernel/UnixTypes.h>
+
+class ProcessTracer : public Retainable<ProcessTracer> {
+public:
+    static Retained<ProcessTracer> create(pid_t pid) { return adopt(*new ProcessTracer(pid)); }
+    ~ProcessTracer();
+
+    bool is_dead() const { return m_dead; }
+    void set_dead() { m_dead = true; }
+
+    bool can_read() const { return !m_calls.is_empty() || m_dead; }
+    int read(byte*, int);
+
+    void did_syscall(dword function, dword arg1, dword arg2, dword arg3, dword result);
+    pid_t pid() const { return m_pid; }
+
+private:
+    explicit ProcessTracer(pid_t);
+
+    struct CallData {
+        dword function;
+        dword arg1;
+        dword arg2;
+        dword arg3;
+        dword result;
+    };
+
+    pid_t m_pid;
+    bool m_dead { false };
+    CircularQueue<CallData, 200> m_calls;
+};