Finding out when a child process forks or calls exec
Dan McNulty
dkmcnulty at gmail.com
Tue May 4 16:02:50 UTC 2010
Great! This was what I was looking for. Thanks.
-Dan
On Mon, May 3, 2010 at 4:39 PM, Dan Nelson <dnelson at allantgroup.com> wrote:
> In the last episode (May 03), Dan McNulty said:
>> I am trying to port a debugging tool that uses the ptrace interface from
>> Linux to FreeBSD. From what I can tell, the ptrace interface on FreeBSD
>> is pretty similar to the Linux interface; however, it doesn't appear that
>> the FreeBSD interface generate events when the child process forks, calls
>> exec, creates a new LWP, etc. My question then is:
>>
>> Does FreeBSD provide any way to determine from a parent/tracing
>> process if a child process has called fork, exec, exit, or created a
>> new LWP?
>
> /usr/bin/truss watches for syscalls named "fork", "rfork", and "vfork", and
> when they return it forks another copy of itself to watch the child. See
> /usr/src/usr.bin/truss/i386-fbsd.c and main.c (search for "in_fork").
>
> You can tell when a new lwp is created because lwpid changes. In setup.c
> the waitevent() function calls ptrace(PT_LWPINFO...) on every syscall
> entry/exit so it's easy to track; it then calls the find_thread() function
> which allocates a new helper struct every time a new lwp appears.
>
> --
> Dan Nelson
> dnelson at allantgroup.com
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list