System call tracking

My requirement is that I need to implement STRACE (or something similar).

How do I come to know which system calls have been executed by a process, from another process?

Example: Process A, Process B.

Process B wants to know what system calls have been executed by Process A (at runtime).


In other words, I want to trace what system calls have been executed by a process from another process.

How do I implement this?


Why don't you look at the open source code? The link is

ramanagouda (Author) commented:
I didn't find any source code @

And I want the plan behind that... I want to know how he has implemented it.

How does he notify when a system call is called?

What notification is sent to the tracing process (Process B) from the traced process (Process A) upon invocation of a system call?

How does he make a difference between a normal function call and a system call at run time?

Is he getting the info after the called system call has passed the system call table, or what?

If he accesses this info, how is that possible?

What event is generated when a system call is called (some sort of signaling?)

A crude design that I could think of is given below. You will have to develop on it. This is just a guideline.

You could write a kernel module that hooks all the syscalls you want to know about. (So if your process wants to get notified about read and write, hook these two syscalls.)
This way, whenever a syscall is made, it will first come to your module, and from here your module will have to send it to the actual syscall handler.
In the module, find out if the pid of the process that made this call is the one you want (this I think will be difficult to implement),
and if it is so, send this information to your process.
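
For comparison with the kernel-module design above: strace itself works from user space through the ptrace(2) system call, where the kernel stops the traced process at each syscall entry and exit and the tracer learns of the stop through waitpid(). The sketch below is an added example, not code from any poster in this thread or from strace. It assumes Linux, has Process B fork Process A for simplicity (an already running process would be attached with PTRACE_ATTACH), and reads the syscall number on x86-64 only.

```c
#include <signal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Number of the syscall the stopped tracee is entering (x86-64 only here). */
static long syscall_nr(pid_t pid) {
#if defined(__x86_64__)
    struct user_regs_struct regs;
    if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == -1) return -1;
    return (long)regs.orig_rax;      /* syscall number is saved by the kernel */
#else
    (void)pid;
    return -1;                       /* other architectures: PTRACE_GETREGSET */
#endif
}

/* Fork a tracee, trace it, print each syscall number at entry.
 * Returns the number of syscall entries seen, or -1 on error. */
int trace_child(void) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {                                  /* Process A: tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) _exit(1);
        raise(SIGSTOP);              /* stop until the tracer is ready */
        getpid();
        getppid();
        _exit(0);
    }
    int status, entering = 1, count = 0;             /* Process B: tracer */
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD marks syscall stops as SIGTRAP|0x80, so they can be
     * told apart from stops caused by ordinary signals. */
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        /* Resume until the next syscall entry or exit (signals are dropped). */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1) return -1;
        if (waitpid(pid, &status, 0) == -1) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) break;
        if (WIFSTOPPED(status) && WSTOPSIG(status) == (SIGTRAP | 0x80)) {
            if (entering) { printf("syscall %ld\n", syscall_nr(pid)); count++; }
            entering = !entering;    /* each syscall stops twice: entry, exit */
        }
    }
    return count;
}

int main(void) { return trace_child() < 0; }
```

Ordinary function calls never produce a stop, because only the transition into the kernel triggers one; that is how the tracer tells a system call apart from a normal call.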
