Kernel: Add a systrace() syscall and implement /bin/strace using it.

Calling systrace(pid) gives you a file descriptor with a stream of the syscalls made by a peer process. The process must be owned by the same UID who calls systrace(). :^)
2025-07-26 16:17:45 +00:00 · 2019-04-22 18:44:45 +02:00 · 2019-04-22 18:44:45 +02:00 · 5c68929aa1
commit 5c68929aa1
parent 6693cfb26a
12 changed files with 188 additions and 1 deletions
--- a/Userland/strace.cpp
+++ b/Userland/strace.cpp
@ -0,0 +1,40 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <AK/Assertions.h>
+#include <AK/Types.h>
+#include <Kernel/Syscall.h>
+
+int main(int argc, char** argv)
+{
+    if (argc < 2)
+        return 1;
+
+    int pid = atoi(argv[1]);
+    int fd = systrace(pid);
+    if (fd < 0) {
+        perror("systrace");
+        return 1;
+    }
+
+    for (;;) {
+        dword call[5];
+        int nread = read(fd, &call, sizeof(call));
+        if (nread == 0)
+            break;
+        if (nread < 0) {
+            perror("read");
+            return 1;
+        }
+        ASSERT(nread == sizeof(call));
+        printf("%s(%#x, %#x, %#x) = %#x\n", Syscall::to_string((Syscall::Function)call[0]), call[1], call[2], call[3], call[4]);
+    }
+
+    int rc = close(fd);
+    if (rc < 0) {
+        perror("close");
+        return 1;
+    }
+
+    return 0;
+}