This post is a walk-through of the simple strace implementation I wrote during my GopherCon talk, A Go Programmer’s Guide to Syscalls . You’ll find the code here . To explore some of the features of the I thought it would be fun to write my own implementation of a basic — a tool that shows which an executable uses. This article is a quick breakdown of how the program works. If you have time, there’s more detail and colour in the talk: Linux ptrace syscall strace syscalls I added a boolean called to keep track of whether it’s an exit or entry, and simply flipped its state each time through the for loop. I only count the syscall on exit. Here’s the loop, including keeping track of the exit. exit for {if exit {err = syscall.PtraceGetRegs(pid, &regs)if err != nil {break} name, \_ := sec.ScmpSyscall(regs.Orig\_rax).GetName()  
    fmt.Printf("%s\\n", name)  
}

err = syscall.PtraceSyscall(pid, 0)  
if err != nil {  
    panic(err)  
}

\_, err = syscall.Wait4(pid, nil, 0, nil)  
if err != nil {  
    panic(err)  
}

exit = !exit } Summing up the syscalls I wrote some to keep count of the number of times each syscall code is used, and to print out a summary. utility code Et voilà If you try this out you’ll see this gives something that corresponds to what gives us. Here’s a very short demo showing the output from this code when we use it on , and the output from for the same thing. You’ll see they show the same counts for each syscall. strace echo hello strace -c _https://github.com/lizrice/strace-from-scratch_asciinema.org Strace from scratch demo The full implementation also shows the parameters for each syscall. If you wanted to build out our simple version to do this, we could . map them from other registers In the talk I went on to demonstrate how you can use the . You can try this out for yourself by uncommenting the call to . This is really just to give an idea of what happens when you use seccomp filters — I wouldn’t recommend that everyone should start handcrafting code within production applications to determine which syscalls they can call! If you like the idea of self-sandboxing applications, you should by . seccomp security module to prevent specific syscalls disallow() check out this talk Jessie Frazelle Massive thanks for the inspiration and information in @nelhage ’s implementation of strace in C and Michał Łowicki ’s deep dives into making a debugger in Go, and to everyone at Gophercon who made me feel so welcome.

Google

Strace in 60 lines of Go

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A silly virtual-kubelet

104 Stories To Learn About Go

10 Questions for Aswin Ganesh, Noonie Nominee for Functional Programming

3 Golang Pitfalls Every Developer Needs to Know

207 Stories To Learn About Golang

2 Error-Free Options for Decimal handling in Golang

A silly virtual-kubelet

104 Stories To Learn About Go

10 Questions for Aswin Ganesh, Noonie Nominee for Functional Programming

3 Golang Pitfalls Every Developer Needs to Know

207 Stories To Learn About Golang

2 Error-Free Options for Decimal handling in Golang

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps