ptrace截获其他进程系统调用

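/*
 * Attach to an already-running process and log its sendmsg(2) system calls.
 *
 * Usage: <prog> <pid>
 *
 * Mechanism: PTRACE_ATTACH, then PTRACE_O_TRACESYSGOOD + PTRACE_SYSCALL, so a
 * syscall stop is reported with WSTOPSIG == (SIGTRAP | 0x80) and can be told
 * apart from an ordinary signal-delivery stop.  Attaching to an arbitrary pid
 * needs ptrace permission over the target: same uid with a permissive Yama
 * ptrace_scope, or CAP_SYS_PTRACE.
 *
 * Register usage follows the x86-64 syscall ABI: orig_rax = syscall number,
 * rdi/rsi/rdx = first three arguments, rax = return value at syscall exit.
 *
 * Returns 0 once the tracee has exited, -1 on a setup or ptrace error.
 * Exits with status 1 on a usage/argument error.
 *
 * net_init(), MYLOG() and getdata() are defined elsewhere in this file.
 */
int main(int argc, char *argv[])
{
    if (net_init() != 0) {
        printf("net init fail\n");
        MYLOG("net init fail");
        return -1;
    }

    if (argc != 2) {
        /* The original also passed argv[1] as a surplus printf argument. */
        printf("Usage: %s <pid to be traced> \n", argv[0]);
        exit(1);
    }

    /* strtol instead of atoi: reject "", "abc", "12x" and non-positive values.
     * atoi silently yields 0 for garbage, and ptrace on pid 0 then fails with
     * a confusing error far from the real cause. */
    char *end = NULL;
    long pid_arg = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || pid_arg <= 0) {
        printf("invalid pid: %s\n", argv[1]);
        exit(1);
    }
    pid_t traced_process = (pid_t)pid_arg;

    int wStatus = 0;

    /* Every ptrace/waitpid result is checked: with an unchecked attach (EPERM,
     * no such pid) the original fell straight into while(1){wait();} and spun
     * forever on ECHILD. */
    if (ptrace(PTRACE_ATTACH, traced_process, NULL, NULL) == -1) {
        perror("PTRACE_ATTACH");
        return -1;
    }
    /* PTRACE_ATTACH sends SIGSTOP; wait for that stop before setting options. */
    if (waitpid(traced_process, &wStatus, 0) == -1 || !WIFSTOPPED(wStatus)) {
        perror("waitpid after PTRACE_ATTACH");
        ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
        return -1;
    }
    if (ptrace(PTRACE_SETOPTIONS, traced_process, NULL, PTRACE_O_TRACESYSGOOD) == -1) {
        perror("PTRACE_SETOPTIONS");
        ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
        return -1;
    }
    if (ptrace(PTRACE_SYSCALL, traced_process, NULL, NULL) == -1) {
        perror("PTRACE_SYSCALL");
        ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
        return -1;
    }

    struct user_regs_struct regs;
    while (1) {
        if (waitpid(traced_process, &wStatus, 0) == -1) {
            perror("waitpid");
            break;
        }
        /* Tracee is gone: nothing left to trace, so stop instead of looping. */
        if (WIFEXITED(wStatus) || WIFSIGNALED(wStatus)) {
            return 0;
        }
        if (!WIFSTOPPED(wStatus)) {
            continue;
        }

        int sig = WSTOPSIG(wStatus);
        if (sig == (SIGTRAP | 0x80)) {
            /* syscall-entry stop */
            if (ptrace(PTRACE_GETREGS, traced_process, NULL, &regs) == -1) {
                perror("PTRACE_GETREGS");
                break;
            }
            long call = (long)regs.orig_rax;
            if (call == SYS_sendmsg) {
                /* user_regs_struct fields are unsigned long long; %ld was a
                 * format/type mismatch. */
                printf("sendmsg called with %llu, %llu, %llu, %llu \n",
                       regs.rdi, regs.rsi, regs.rdx, regs.rcx);

                /* NOTE(review): for sendmsg(2), rsi is a `struct msghdr *` and
                 * rdx is the flags word, not a byte count.  This therefore dumps
                 * rdx bytes starting at the msghdr, not the message payload; to
                 * capture the payload, read the msghdr and walk msg_iov.
                 *
                 * The bound below is still essential: the original passed rdx
                 * straight to getdata() into a fixed 10240-byte stack buffer, so
                 * a tracee-controlled length overflowed the tracer's stack.  The
                 * traced process must be treated as untrusted input here. */
                char buff[10240];
                unsigned long long len = regs.rdx;
                if (len > sizeof buff - 1) {
                    len = sizeof buff - 1;
                }
                /* getdata() is assumed to copy at most len bytes (plus, possibly,
                 * a terminator) into buff -- verify against its definition. */
                getdata(traced_process, regs.rsi, buff, len);
                /* %s needs a terminator; copied data need not contain one. */
                buff[len] = '\0';
                printf("%s\n", buff);
            }

            /* Run to the matching syscall-exit stop.  A signal stop arriving in
             * between is not distinguished here (same as the original). */
            if (ptrace(PTRACE_SYSCALL, traced_process, NULL, NULL) == -1) {
                perror("PTRACE_SYSCALL");
                break;
            }
            if (waitpid(traced_process, &wStatus, 0) == -1) {
                perror("waitpid");
                break;
            }
            /* exit_group() has no syscall-exit stop; the tracee simply exits. */
            if (WIFEXITED(wStatus) || WIFSIGNALED(wStatus)) {
                return 0;
            }
            if (ptrace(PTRACE_GETREGS, traced_process, NULL, &regs) == -1) {
                perror("PTRACE_GETREGS");
                break;
            }
            if (call == SYS_sendmsg) {
                /* Signed so a -errno result reads as a negative number. */
                printf("sendmsg returned with %lld \n", (long long)regs.rax);
            }
            /* Our own syscall stop: nothing to inject on restart. */
            sig = 0;
        } else {
            printf("child stopped but not for system call.\n");
        }
        fflush(stdout);

        /* Restart the tracee.  For a signal-delivery stop the stop signal is
         * passed back so the tracee still receives it; restarting with 0, as
         * the original did, silently discarded every signal sent to the
         * traced process. */
        if (ptrace(PTRACE_SYSCALL, traced_process, NULL, (void *)(long)sig) == -1) {
            perror("PTRACE_SYSCALL");
            break;
        }
    }

    /* Only reached on a ptrace/waitpid error; leave the target running. */
    ptrace(PTRACE_DETACH, traced_process, NULL, NULL);
    return -1;
}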
