tracing AND intercepting syscalls?

Stanislav Ochotnicky stanislav.ochotnicky at kmit.sk
Sun Dec 3 03:58:42 PST 2006


Robert Watson wrote:
> As discussed elsewhere in the thread, ptrace() has a syscall trapping
> facility, although I've not used it so can't speak to how well it works.

As I mentioned earlier, I didn't find any info about the ptrace() syscall
trapping facility (PT_SYSCALL, PT_TO_SCE and PT_TO_SCX) because it wasn't
in the man or info page for ptrace(). When I was notified about
these interfaces, I checked the source and it looks like it should
solve my problem. Maybe the man page should be updated accordingly?

> There are patches to add system call entry and exit hooks to the MAC
> Framework, but they've not yet been merged.  I anticipate that they will
> ship in FreeBSD 7.0, and may get MFC'd, depending on schedule, etc.

That would certainly be nice, if this could be done at system level.
There would certainly be lots of tools that could use this (DTrace perhaps?)
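An added example, not part of the original message or of FreeBSD's own code: a minimal tracer loop built on the PT_SYSCALL request named above, counting the syscall entry and exit stops of a child process. The function name, the child's workload and the Linux PTRACE_SYSCALL fallback (so the code also builds off FreeBSD) are assumptions of this example.

```c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

#ifdef __FreeBSD__
/* PT_SYSCALL stops at both syscall entry and exit; PT_TO_SCE / PT_TO_SCX
 * stop at only one of them. addr == (caddr_t)1 resumes where it stopped. */
#define TRACE_ME()          ptrace(PT_TRACE_ME, 0, NULL, 0)
#define NEXT_STOP(pid, sig) ptrace(PT_SYSCALL, (pid), (caddr_t)1, (sig))
#else /* assumption: Linux equivalent, so the example also builds there */
#define TRACE_ME()          ptrace(PTRACE_TRACEME, 0, NULL, NULL)
#define NEXT_STOP(pid, sig) ptrace(PTRACE_SYSCALL, (pid), NULL, (void *)(long)(sig))
#endif

/* Fork a child that makes a few syscalls; return the number of syscall
 * stops (reported as SIGTRAP) the tracer observed, or -1 on error. */
int count_syscall_stops(void)
{
    int status, stops = 0;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {                      /* child: the traced process */
        if (TRACE_ME() != 0)
            _exit(1);
        raise(SIGSTOP);                  /* hand control to the tracer */
        for (int i = 0; i < 3; i++)
            (void)getppid();             /* syscalls to be trapped */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;                       /* expected the SIGSTOP above */
    for (int sig = 0;;) {
        if (NEXT_STOP(pid, sig) != 0 || waitpid(pid, &status, 0) < 0) {
            kill(pid, SIGKILL);          /* do not leave the child stopped */
            return -1;
        }
        if (!WIFSTOPPED(status))         /* child exited: tracing is over */
            return stops;
        if (WSTOPSIG(status) == SIGTRAP) { stops++; sig = 0; }
        else sig = WSTOPSIG(status);     /* pass other signals through */
    }
}

int main(void) { printf("syscall stops: %d\n", count_syscall_stops()); return 0; }
```

Each trapped syscall normally produces two stops (entry and exit), so the count is roughly twice the number of calls the child makes after the tracer takes over.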


More information about the freebsd-hackers mailing list