Esteemed monks, I pray that you guide me on this quest I'm on, towards enlightenment.

Update: I added my new findings in the thread below.

I'm simply trying to write an inspector that can inspect a perl script with the ptrace call and check what system calls it makes. Below is the C program I've written to trace, but mine is a perl question.

Problem: The perl interpreter is spitting hundreds of system calls from executing a simple print "hello";. I'm guessing it's all extra stuff the interpreter is doing to compile my program

I have two programs: perl_tracer.c and hello.pl. The tracer executes hello.pl via the perl interpreter and gets the output from there at the end. However, I get a total of 367 system calls. A variety of sys_rt_sigaction and finally a sys_exit_group. Ideally it should have just said the program made a sys_write call? Right? (for print)

Q : How or what should I do to just trace the perl script I'm running? Is there a way to know where my script execution began?

My target program
#######
# hello.pl
########
print "hello";
My tracer :
/* perl_tracer.c
   This is completely adapted from some stuff I've seen.
   I'm really not an expert on linux and debugging. */
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <signal.h>   /* For kill() and SIGKILL */
#include <sys/user.h> /* For constants ORIG_EAX etc */
#include <sys/reg.h>
#include <stdio.h>

int pipefd[2];

int main()
{
    int i, status;
    pid_t child;
    long orig_eax;
    long lastcall = 0;

    pipe(pipefd);
    child = fork();
    if (child == 0) {
        //pipes so we can get the stdout from the child
        //doesn't work perfect yet.
        close(pipefd[0]);
        dup2(pipefd[1], 1);
        dup2(pipefd[1], 2);
        close(pipefd[1]);
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        execl("/usr/bin/perl", "perl", "hello.pl", (char *)NULL);
    } else {
        i = 0;
        while (1) {
            wait(&status);
            if (WIFEXITED(status) || WIFSIGNALED(status)) {
                break;
            }
            orig_eax = ptrace(PTRACE_PEEKUSER, child, 8 * ORIG_RAX, NULL);
            //We can kill the process if we get a malicious sys call.
            /*if (orig_eax == 10){
                kill(child, SIGKILL);
            }*/
            printf("%d time system call %ld\n", i++, orig_eax);
            ptrace(PTRACE_SYSCALL, child, NULL, NULL);
            lastcall = orig_eax;
        }//end of while
        char buffer[1024];
        ssize_t n;
        // close the write end of the pipe in the parent
        close(pipefd[1]);
        // print only the bytes read() returned; stop on EOF or error
        while ((n = read(pipefd[0], buffer, sizeof(buffer))) > 0) {
            printf("Child says : %.*s", (int)n, buffer);
        }
    }//end of else.
    return 0;
}

If you've reached here, thanks a ton for reading! :)


In reply to tracing system calls a perl script is making by gideondsouza
