Track system calls using ptrace

I wrote a program to list all the system calls made by a command (say /bin/ls). Now I'm trying to find all the system call arguments, environment variables and command line arguments that can be passed to it.

Example: if I open a file, will the sys_access system call open the file correctly? But how do I get these values?
I want to do this for system calls such as open, read, write and close.

According to my research, they should be in registers (ebx-edx). If so, what do these register values mean? I found a link, but I really could not get much from there. Any site links for this would also be very helpful.

1 answer

(Revised comment from above (so you can accept it)):

Detailed syscall parameters can be found in the Linux kernel header syscalls.h. In the above case, sys_access (#33 on x86) has only two parameters:

  • the first is a pointer to the file name, so your file name was stored at 0x4c4d8e
  • the second is the file mode (see the mode flag)
  • since there is no third parameter in this syscall, edx does not matter and contains some undefined value

The return value of this syscall is -2 (ENOENT, defined in errno-base.h), which means an error (no such file or directory).

Also note (see Basile's comment above) that you are duplicating strace functionality.

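An added example (not code from the original question or answer) that puts the answer's register advice into practice: a small tracer that runs a command under ptrace, decodes each syscall's number and first three arguments from the saved registers, reads the pathname out of the tracee's memory with PTRACE_PEEKDATA for open/openat/access, and reports the raw return value as -errno (so the answer's -2 shows up as ENOENT). It assumes Linux on x86_64, where the number is in orig_rax and the arguments in rdi/rsi/rdx (the ebx/ecx/edx layout in the answer is the 32-bit x86 equivalent); the names sc, regs_to_sc, sc_path_arg, sc_errno and peek_string are this example's own.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
struct sc { long nr, a0, a1, a2, ret; };          /* one decoded syscall stop */
/* x86_64 ABI: number in orig_rax, args in rdi/rsi/rdx, result in rax (32-bit x86 would use eax, ebx/ecx/edx). */
static struct sc regs_to_sc(const struct user_regs_struct *r) {
    return (struct sc){ r->orig_rax, r->rdi, r->rsi, r->rdx, r->rax };
}
/* Index of the pathname argument, or -1: open/access take it first, openat second. */
int sc_path_arg(long nr) {
    return nr == SYS_openat ? 1 : (nr == SYS_open || nr == SYS_access) ? 0 : -1;
}
/* The raw return value is -errno on failure: -2 is ENOENT, exactly as the answer says. */
int sc_errno(long ret) { return (ret < 0 && ret > -4096) ? (int)-ret : 0; }
/* Copy a NUL-terminated string out of the tracee's address space, one word per PEEKDATA. */
static void peek_string(pid_t pid, long addr, char *buf, size_t len) {
    size_t i = 0;
    for (; i + sizeof(long) <= len; i += sizeof(long)) {
        errno = 0; long w = ptrace(PTRACE_PEEKDATA, pid, (void *)(addr + i), NULL);
        if (errno) break;                              /* unmapped page: stop here */
        memcpy(buf + i, &w, sizeof w);
        if (memchr(&w, 0, sizeof w)) return;           /* terminator already copied */
    }
    buf[i < len ? i : len - 1] = '\0';
}
int main(int argc, char **argv) {
    pid_t pid; if (argc < 2 || (pid = fork()) < 0) return 2;
    if (pid == 0) { ptrace(PTRACE_TRACEME, 0, NULL, NULL); execvp(argv[1], argv + 1); _exit(127); }
    int status, entering = 1; struct sc cur = {0};
    waitpid(pid, &status, 0);                          /* child stops right after exec */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)PTRACE_O_TRACESYSGOOD);
    while (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == 0 && waitpid(pid, &status, 0) > 0) {
        if (!WIFSTOPPED(status)) break;                /* tracee exited */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;   /* not a syscall stop */
        struct user_regs_struct r; ptrace(PTRACE_GETREGS, pid, NULL, &r);
        if (entering) {                                /* entry stop: number and arguments */
            cur = regs_to_sc(&r);
            char path[256] = ""; int p = sc_path_arg(cur.nr);
            if (p >= 0) peek_string(pid, p ? cur.a1 : cur.a0, path, sizeof path);
            printf("%ld(%#lx, %#lx, %#lx) %s", cur.nr, cur.a0, cur.a1, cur.a2, path);
        } else printf(" = %ld (errno %d)\n", regs_to_sc(&r).ret, sc_errno(regs_to_sc(&r).ret));
        entering = !entering;                          /* stops alternate entry/exit */
    }
    return 0;
}
```

Run it as `./tracer /bin/ls` and compare its output with `strace -e trace=open,openat,access,read,write,close /bin/ls`.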

Source: https://habr.com/ru/post/1402593/


All Articles