I have a complex embedded Linux software running on a gentoo derivative, on which a certain piece of code gets executed regularly every ~84 minutes. Sweeping through the main code to find places where this code might get executed was unsuccessful, and crontab
also seems no possible explanation.
My question: Is it possible, by modifying the code in question, to find out which other process/code/file/service started it in the first place? Are there some information in the /proc
directory I can use? Or is it impossible to find out the process that executed the given code?
Best Answer
Chris' answer would work if the process is long-lived, and you have time to go inspect it, but if it's a short running command, it may be difficult to catch it while the process is still alive.
Another way you could approach this is to put a 'wrapper' around the program.
Lets say the program being called is
/usr/bin/someprog
./usr/bin/someprog
to/usr/bin/someprog.orig
./usr/bin/someprog
as a script such as:chmod a+x /usr/bin/someprog
This will dump a process tree and put it in
/tmp/someprog.log
. You could then look at the tree and find what is spawning it.