I'm looking for information on how to enable tracing of a process and all its child, grandchild, etc processes. This is possible when strace is fed the fork flag -f.

I'm gonna use this to implement a fast generic system call memoizer similar to https://github.com/nordlow/strace-memoize but written in a compiled language.

The short version is:

• You can find all the threads as of attach by looking at /proc/$pid/task
• You can use PTRACE_SETOPTIONS with PTRACE_O_TRACECLONE and friends to detect clone() events (such as fork() or thread-creation), and attach to the children before they start, to follow across the creation of new threads.