Modifying rr to trace specific system calls

Kapil Agarwal kapila at
Mon Nov 30 19:47:28 UTC 2015


I am trying to modify rr to break whenever it traces a particular syscall,
for example, open("/etc/localtime"). I am unable to figure out where
exactly it is checked that a particular syscall was called. I want to check
if orig_eax==SYS_open and the filename stored in the ebx register and
record this during `rr record`. I would then want to insert a breakpoint at
that syscall during `rr replay`, and be able to reverse-execute from there.
It would be helpful if you could point me to relevant code portions which
can give me a starting point.

Best, Kapil
