
Untitled

a guest
Feb 5th, 2016
  1. #include <stdio.h>
  2. #include <sys/ptrace.h>
  3. #include <stdlib.h>
  4. #include <sys/user.h>
  5. #include <sys/types.h>
  6. #include <sys/types.h>
  7. #include <sys/wait.h>
  8.  
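/*
 * Resume the tracee with PTRACE_SYSCALL, block until it stops again, print
 * WIFSTOPPED(status), and copy its general-purpose registers into *regs.
 *
 * Returns 0 when the registers were read, -1 on any failure (the failing call
 * is reported on stderr). Without PTRACE_O_TRACESYSGOOD a signal-delivery stop
 * is not distinguished from a syscall stop here, so the caller should treat
 * the register contents as "state at the next stop".
 */
static int run_to_next_stop(pid_t pid, struct user_regs_struct *regs)
{
    int status = 0;

    if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == -1) {
        perror("ptrace(PTRACE_SYSCALL)");
        return -1;
    }

    /* This process blocks until the tracee is stopped again. */
    if (waitpid(pid, &status, __WALL) == -1) {
        perror("waitpid");
        return -1;
    }

    printf("WIFSTOPPED(status) = %d\n", WIFSTOPPED(status));

    /* If the tracee exited or was killed there are no registers to read. */
    if (!WIFSTOPPED(status)) {
        fprintf(stderr, "process %ld is not stopped under trace\n", (long)pid);
        return -1;
    }

    if (ptrace(PTRACE_GETREGS, pid, NULL, regs) == -1) {
        perror("ptrace(PTRACE_GETREGS)");
        return -1;
    }
    return 0;
}

/*
 * Attach to the process whose pid is given as argv[1] and print orig_rax at
 * the next two stops reached with PTRACE_SYSCALL (normally a syscall entry
 * followed by the matching exit). Uses the x86-64 register names orig_rax
 * and rcx from struct user_regs_struct.
 *
 * Returns EXIT_SUCCESS when both stops were observed, EXIT_FAILURE otherwise.
 */
int main(int argc, char **argv)
{
    struct user_regs_struct regs;
    char *end = NULL;
    long parsed;
    pid_t traced_process;
    int status = 0;
    int rc = EXIT_FAILURE;

    /* argv[1] is dereferenced below; refuse to run without it. */
    if (argc != 2) {
        fprintf(stderr, "usage: %s <pid>\n", argc > 0 ? argv[0] : "tracer");
        return EXIT_FAILURE;
    }

    /* strtol instead of atoi: rejects junk, trailing text and values that do
     * not survive the narrowing to pid_t (which also catches overflow). */
    parsed = strtol(argv[1], &end, 10);
    traced_process = (pid_t)parsed;
    if (end == argv[1] || *end != '\0' || parsed <= 0 ||
        (long)traced_process != parsed) {
        fprintf(stderr, "invalid pid: %s\n", argv[1]);
        return EXIT_FAILURE;
    }

    /* Attach; the kernel refuses this unless the caller is permitted to
     * trace the target, so the failure must be reported, not ignored. */
    if (ptrace(PTRACE_ATTACH, traced_process, NULL, NULL) == -1) {
        perror("ptrace(PTRACE_ATTACH)");
        return EXIT_FAILURE;
    }

    /* PTRACE_ATTACH only requests the stop. Further ptrace requests are valid
     * only once the tracee has actually stopped, so wait for that first. */
    if (waitpid(traced_process, &status, __WALL) == -1) {
        perror("waitpid");
        goto out_detach;
    }
    if (!WIFSTOPPED(status)) {
        fprintf(stderr, "process %ld did not stop after attach\n",
                (long)traced_process);
        goto out_detach;
    }

    /* First stop: print the syscall number saved in orig_rax. */
    if (run_to_next_stop(traced_process, &regs) == -1) {
        goto out_detach;
    }
    printf("interrupt with system call: %lld\n\n", (long long)regs.orig_rax);

    /* rcx holds a raw register value from the tracee. It is not a pointer
     * that is valid in this process, so it is printed as a number and never
     * passed to %s; reading tracee memory requires PTRACE_PEEKDATA. */
    printf(": %#llx\n\n", (unsigned long long)regs.rcx);

    /* Second stop: print orig_rax again. */
    if (run_to_next_stop(traced_process, &regs) == -1) {
        goto out_detach;
    }
    printf("interrupt with system call: %lld\n\n", (long long)regs.orig_rax);

    rc = EXIT_SUCCESS;

out_detach:
    /* Best effort: let the target continue untraced. This fails harmlessly
     * if the target has already exited. */
    ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
    return rc;
}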