As we know, the ptrace system call is one of the most powerful system calls in Unix-like systems. All debugging software uses ptrace for monitoring and manipulating another process, i.e. the tracee. Using ptrace, we can track read/write system calls in the tracee process. I ask, can we use ptrace in order to monitor the tracee and notify the tracer only when the tracee executes a branch instruction? Is this possible? If not, can we notify the tracer when a specific instruction at a specific address is executed?
PTRACE_SINGLESTEP is not appropriate to be used in my case because it leads to performance degradation.
Thanks for any help.
What I have tried:
I tried to modify the binary code to exchange each branch instruction with another one that traps the tracer. But I seek to find another way.
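The trap-replacement idea described in the post can be applied to the running tracee instead of the binary on disk: the tracer writes a breakpoint opcode at one address and is notified only when execution reaches it. This is an added example, not part of the original post; it assumes Linux on x86-64, and `target`, `target_ptr`, `fail` and `count_hits_at_target` are hypothetical names.

```c
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
#if !defined(__linux__) || !defined(__x86_64__)
#error "assumes Linux on x86-64 (int3 opcode 0xCC, rip register)"
#endif

/* Hypothetical function standing in for the instruction of interest. */
__attribute__((noinline)) static int target(int x) { return x + 22; }
static int (*volatile target_ptr)(int) = target;
static int fail(pid_t pid) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); return -1; }

/* Returns how often the tracee trapped at target's entry, or -1 on error. */
int count_hits_at_target(void)
{
    int status = 0, hits = 0;
    uintptr_t addr = (uintptr_t)target_ptr;   /* same address after fork() */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                           /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
        raise(SIGSTOP);                       /* wait for the tracer to plant the trap */
        _exit(target_ptr(20) == 42 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    errno = 0;
    long orig = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);
    long patched = (orig & ~0xffL) | 0xcc;    /* int3 replaces the first byte */
    if (errno || ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patched) < 0)
        return fail(pid);
    ptrace(PTRACE_CONT, pid, NULL, NULL);     /* runs at full speed, no single-stepping */
    while (waitpid(pid, &status, 0) == pid && WIFSTOPPED(status)) {
        struct user_regs_struct regs;
        ptrace(PTRACE_GETREGS, pid, NULL, &regs);
        if (WSTOPSIG(status) == SIGTRAP && regs.rip - 1 == addr) {
            hits++;                           /* one-shot: restore and do not re-arm */
            ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)orig);
            regs.rip = addr;                  /* re-execute the original instruction */
            ptrace(PTRACE_SETREGS, pid, NULL, &regs);
        }
        ptrace(PTRACE_CONT, pid, NULL, NULL);
    }
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? hits : -1;
}

int main(void) { return count_hits_at_target() == 1 ? 0 : 1; }
```

Keeping the breakpoint armed for later hits would need one single step over the restored instruction before writing the trap byte back.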