Finding out when a child process forks or calls exec
Dan Nelson
dnelson at allantgroup.com
Mon May 3 21:39:38 UTC 2010
In the last episode (May 03), Dan McNulty said:
> I am trying to port a debugging tool that uses the ptrace interface from
> Linux to FreeBSD. From what I can tell, the ptrace interface on FreeBSD
> is pretty similar to the Linux interface; however, it doesn't appear that
> the FreeBSD interface generate events when the child process forks, calls
> exec, creates a new LWP, etc. My question then is:
>
> Does FreeBSD provide any way to determine from a parent/tracing
> process if a child process has called fork, exec, exit, or created a
> new LWP?
/usr/bin/truss watches for syscalls named "fork", "rfork", and "vfork", and
when they return it forks another copy of itself to watch the child. See
/usr/src/usr.bin/truss/i386-fbsd.c and main.c (search for "in_fork").
You can tell when a new lwp is created because lwpid changes. In setup.c
the waitevent() function calls ptrace(PT_LWPINFO...) on every syscall
entry/exit so it's easy to track; it then calls the find_thread() function
which allocates a new helper struct every time a new lwp appears.
--
Dan Nelson
dnelson at allantgroup.com
More information about the freebsd-questions
mailing list