I've modified rpctrace to attach to running processes and trace them. I've
added a new set of patches (the 0200 series) to my GitHub repository with
these changes. I'm still chasing bugs, and it can't detach from processes
without killing them, but it's basically working.

The only big problem is the inability to invisibly swap receive rights.
When rpctrace attaches, it moves all the old port rights to rpctrace, wraps
them, and replaces them with new port rights managed by rpctrace. This
works fine for everything except a bare receive right with a mach_msg
waiting for messages on it. Moving such a receive right causes the
mach_msg to return reporting MACH_RCV_PORT_DIED. I don't see any way
around this without modifying the kernel. Portsets don't have this
problem; you can pull twenty receive rights out of a portset, put twenty
replacements back in, and it works fine.

For some programs, this isn't a problem. cat and bash seem to deal with
the error returns to io_read by just retrying the read, and everything is
fine. Attaching to proc is a hit-or-miss affair, as __pthread_block isn't
as forgiving of error returns, but if you reboot the subhurd and try again,
you can eventually attach to it, like once every half dozen attempts or
so. I don't understand why, but since my primary goal is tracing proc,
this is good news (I think).

Don't know about others on the list, but I anticipated kernel problems
detaching, and expected attaching to work fine. Somewhat bummed that it
isn't so simple.