Process Tracing
Core Technology

Ever wondered what processes are currently doing on your system? Linux has a capable mechanism to answer your questions.
Processes are, in general, units of isolation within a Unix system. This is perhaps the most important abstraction the kernel provides, because it implies that malicious or badly written programs can never affect proper ones. Isolation is the foundation of safety, but sometimes you want to turn it off.
Think of the interactive GNU Debugger (GDB) (Figure 1). You'd certainly want it to stop your code's execution at specified points or execute it step by step, and it is hardly useful if it can't add watches or otherwise peek into the program being debugged. However, the debugger and the program it debugs are two different, isolated processes, so how is this possible?
You can't have rules without exceptions, and in Unix, a process tracing mechanism called ptrace() answers this problem and has many other tricks up its sleeve.
[...]