Hi -
I've modified rpctrace to attach to running processes and trace them. I've added a new set of patches (the 0200 series) to my github repository with these changes. I'm still chasing bugs, and it can't detach from processes without killing them, but it's basically working.
The only big problem is the inability to invisibly swap receive rights. When rpctrace attaches, it moves all the old port rights to rpctrace, wraps them, and replaces them with new port rights managed by rpctrace. This works fine for everything except a bare receive right with a mach_msg waiting for messages on it. Moving such a receive right causes the mach_msg to return reporting MACH_RCV_PORT_DIED. I don't see any way around this without modifying the kernel. Portsets don't have this problem; you can pull twenty receive rights out of a portset, put twenty replacements back in, and it works fine.
For some programs, this isn't a problem. cat and bash seem to deal with the error returns to io_read by just retrying the read, and everything is fine. Attaching to proc is a hit-or-miss affair, as __pthread_block isn't as forgiving of error returns, but if you reboot the subhurd and try again, you can eventually attach to it, like once every half dozen attempts or so. I don't understand why, but since my primary goal is tracing proc, this is good news (I think).
Don't know about others on the list, but I anticipated kernel problems detaching, and expected attaching to work fine. Somewhat bummed that it isn't so simple.
agape
brent