add execsnoop in c++

tools/CMakeLists.txt

@@ -1,4 +1,9 @@
 include_directories(${PROJECT_SOURCE_DIR})
 include_directories(${PROJECT_SOURCE_DIR}/src)
-add_executable(cgattach cgattach.cpp ../src/cgroup_attach.cpp ../src/common.cpp) 
-install(TARGETS cgattach  DESTINATION /usr/bin PERMISSIONS ${basic_permission})
+
+add_executable(cgattach cgattach.cpp ../src/cgroup_attach.cpp ../src/common.cpp)
+install(TARGETS cgattach  DESTINATION /usr/bin PERMISSIONS ${basic_permission})
+
+add_executable(execsnoop execsnoop.cpp ../src/common.cpp)
+target_link_libraries(execsnoop bcc)
+install(TARGETS execsnoop  DESTINATION /usr/bin PERMISSIONS ${basic_permission})

tools/execsnoop.cpp

@@ -0,0 +1,23 @@
+#include "execsnoop.hpp"
+#include "common.h"
+using namespace std;
+using namespace CGPROXY::EXESNOOP;
+
+#define PATH_MAX_LEN 128
+
+int handle_pid(int pid) {
+  char path[PATH_MAX_LEN];
+  auto size = readlink(to_str("/proc/", pid, "/exe").c_str(), path, PATH_MAX_LEN);
+  if (size == -1) error("readlink: %s", to_str("/proc/", pid, "/exe").c_str());
+  path[size] = '\0';
+  info("%d %s", pid, path);
+  return 0;
+}
+
+int main() {
+  enable_debug = true;
+  enable_info = true;
+  callback = handle_pid;
+  execsnoop();
+  return 0;
+}