add cpp version of execsnoop

[drapl0n]

Adding a cpp version of execsnoop in examples.

Execsnoop: a utility that traces newly executed processes.

It demonstrates how to use kprobes/kretprobes to trace system calls and how to process the captured events using a perf buffer through BCC’s C++ API.

Usage:

1. Compile code: clang++ execsnoop.cc -o execsnoop -lbcc

2. Execution: ./execsnoop

Output:

sudo ./execsnoop
Tracing execve syscalls... Press Ctrl+C to stop.
PID: 3000       PPID:  2728     COMM: ls       ARGS: /usr/bin/ls
PID: 3003       PPID:  2728     COMM: cat       ARGS: /usr/bin/cat /etc/passwd
PID: 3009       PPID:  2728     COMM: systemctl ARGS: /usr/bin/systemctl status libvirtd.service
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/local/sbin/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/local/bin/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/bin/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/lib/jvm/default/bin/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/bin/site_perl/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/bin/vendor_perl/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/bin/core_perl/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /opt/rocm/bin/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/lib/rustup/bin/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /home/lexington/.spicetify/pager
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/local/sbin/less
PID: 3010       PPID:  3009     COMM: (pager)   ARGS: /usr/local/bin/less
PID: 3010       PPID:  3009     COMM: less      ARGS: /usr/bin/less

[Bojun-Seo]

Here are my quick notes:

• Please include the purpose, necessity, value, and usage instructions in the commit message.
• The C++ files in this folder use 2-space indentation. Please match the existing coding style.
• Since it is a new file, please ensure the license header is properly added at the top.

Thanks

[drapl0n]

Here are my quick notes:

* Please include the purpose, necessity, value, and usage instructions in the commit message.

* The C++ files in this folder use 2-space indentation. Please match the existing coding style.

* Since it is a new file, please ensure the license header is properly added at the top.

Thanks

I have made the suggested changes.

[Bojun-Seo]

Here are my quick notes:

* Please include the purpose, necessity, value, and usage instructions in the commit message.

* The C++ files in this folder use 2-space indentation. Please match the existing coding style.

* Since it is a new file, please ensure the license header is properly added at the top.

Thanks

I have made the suggested changes.

Sorry, but I couldn't find the purpose, necessity, value, and usage instructions.
Could you please let me know where I can find that?

[drapl0n]

Sorry, but I couldn't find the purpose, necessity, value, and usage instructions.
Could you please let me know where I can find that?

As you mentioned, i added it in my latest commit message. I will add it in my PR comment too.

[Bojun-Seo]

Sorry, but I couldn't find the purpose, necessity, value, and usage instructions.
Could you please let me know where I can find that?

As you mentioned, i added it in my latest commit message. I will add it in my PR comment too.

Just to clarify, I wasn’t asking to create a separate new commit just to add the purpose and other details.
What I meant was to include them directly in the commit message itself. Also, the purpose, necessity, value, and usage instructions you included feel a bit insufficient and not fully convincing yet.
It might help to take a quick look at the existing commit history and see how other similar changes or tools have written their messages — that could serve as a good reference. One thing I’d really like to see included is an explanation of why a C++ version is needed in addition to the C version.