I'm working on a piece of software that requires me to know what files and resources any certain launched process are accessing.
I'm not planning on attempting to track what every single script, application, and daemon is accessing, just a certain process provided by the user.
Is there any way to do this in Python (or any other language for that matter)? I'm going to do some research of my own, I just figured I'd ask here in case there are knowledgeable users out there who know about this sort of thing and can provide a bit more explanation.
Best Answer
You can trace the system calls that a program makes. This is the usual method to find out what files it accesses. The tool to do this is called
truss
in many Unix systems,dtruss
on OSX,strace
on Linux. I'll describe Linux usage here; check the manual on other systems.The simplest form is
This prints a log of all the system calls made by
myprogram
. (Example.) To save the log in a file, use the option-o
. To also log calls made by subprocesses, use the option-f
. To select which system calls are logged, use the option-e
. See the manual for details of what you can use as an argument to-e
. For example, the following invocation logs file-related system calls (opening and closing, directory listing, etc.) exceptread
andwrite
.