
strace: Add command line options to filter syscalls

By default strace outputs all system calls the monitored process
invokes, but it's sometimes useful to either exclude some calls, or to
include only some others.

This commit adds two new command line options to specify two
exclusion/inclusion comma-delimited lists of system calls. These are
then used to decide if an intercepted system call should be displayed in
the output or not.
Rodrigo Tobar 2021-10-11 22:59:17 +08:00 committed by Brian Gianforcaro
parent 6ff56a96bd
commit e3dffdacb8


@ -276,9 +276,9 @@ struct Formatter<PointerArgument> : StandardFormatter {
class FormattedSyscallBuilder {
public:
FormattedSyscallBuilder(Syscall::Function syscall_function)
FormattedSyscallBuilder(StringView syscall_name)
{
m_builder.append(Syscall::to_string(syscall_function));
m_builder.append(syscall_name);
m_builder.append('(');
}
@ -751,6 +751,10 @@ int main(int argc, char** argv)
Vector<const char*> child_argv;
const char* output_filename = nullptr;
const char* exclude_syscalls_option = nullptr;
const char* include_syscalls_option = nullptr;
HashTable<StringView> exclude_syscalls;
HashTable<StringView> include_syscalls;
auto trace_file = Core::File::standard_error();
Core::ArgsParser parser;
@ -759,6 +763,8 @@ int main(int argc, char** argv)
"Trace all syscalls and their result.");
parser.add_option(g_pid, "Trace the given PID", "pid", 'p', "pid");
parser.add_option(output_filename, "Filename to write output to", "output", 'o', "output");
parser.add_option(exclude_syscalls_option, "Comma-delimited syscalls to exclude", "exclude", 'e', "exclude");
parser.add_option(include_syscalls_option, "Comma-delimited syscalls to include", "include", 'i', "include");
parser.add_positional_argument(child_argv, "Arguments to exec", "argument", Core::ArgsParser::Required::No);
parser.parse(argc, argv);
@ -771,6 +777,14 @@ int main(int argc, char** argv)
}
trace_file = open_result.value();
}
auto parse_syscalls = [](const char* option, auto& hash_table) {
if (option != nullptr) {
for (auto syscall : StringView(option).split_view(','))
hash_table.set(syscall);
}
};
parse_syscalls(exclude_syscalls_option, exclude_syscalls);
parse_syscalls(include_syscalls_option, include_syscalls);
if (pledge("stdio proc exec ptrace sigaction", nullptr) < 0) {
perror("pledge");
@ -872,7 +886,13 @@ int main(int argc, char** argv)
#endif
auto syscall_function = (Syscall::Function)syscall_index;
FormattedSyscallBuilder builder(syscall_function);
auto syscall_name = to_string(syscall_function);
if (exclude_syscalls.contains(syscall_name))
continue;
if (!include_syscalls.is_empty() && !include_syscalls.contains(syscall_name))
continue;
FormattedSyscallBuilder builder(syscall_name);
format_syscall(builder, syscall_function, arg1, arg2, arg3, res);
if (!trace_file->write(builder.string_view())) {
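Review bot: The `parse_syscalls` lambda stores each comma-separated token verbatim and never checks it against the known syscall names, so a misspelt name or one with a stray space (`-i "open, read"`) is accepted silently. With `-i` that produces an empty or partial trace, and with `-e` the call is still printed, in both cases without any diagnostic. Since strace output tends to be read as a complete record of what a process did, I would validate every token right after parsing (before the `pledge` call) against the names `Syscall::to_string` can return, and exit non-zero with an error naming the offending token. The filter in the last hunk also gives exclusion priority when a name is in both lists; a comment such as `// Exclusion wins: a name present in both lists is not shown.` above the first `continue`, plus a word in the option help text, would make that explicit. `main` begins and ends outside these hunks, so how the surrounding loop handles the `continue` was not checked.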