Hi

I'm doing some research concerning tracing and intercepting of syscalls. Ideally this would be done in userspace. It doesn't have to be system-wide. It would be enough if I could fork/exec a new process and somehow be notified every time it makes a syscall, with the ability to alter arguments/return values. I (more or less) need an interface similar to Linux ptrace when called with PTRACE_SYSCALL. The systrace utility does the same thing on OpenBSD/Linux.

I've been through some mailing lists and their archives, read the FreeBSD developers guide, TrustedBSD's MAC framework intro, man pages, asked on IRC and god knows what else, and couldn't find a solution. Here's what I have found out so far about interfaces that resemble what I need:

ptrace: unable to trace syscalls, only singlestep; this would be too slow imho, not to mention problems with identifying syscalls.

/proc interface: more or less like ptrace, better with modifying memory of the process etc., but also unable to trace syscalls.

ktrace: almost there, able to trace syscalls, but it only writes them to a file, and thus I cannot intercept them.

TrustedBSD's MAC framework: I've read the manual, looked at the source etc., and I couldn't find a way to stop at every syscall a certain process has made. There is a mac_syscall() function, but as far as I could tell, it only registers a new syscall. All in all, it seems that it should have some way to do this; maybe I just couldn't find it.

If a kernel module/change is needed, I would appreciate a push in the right direction.

Any help would be appreciated. Thanks in advance

Stanislav Ochotnicky

_______________________________________________
Mailing list: http://lists.freebsd.org/mailman/listinfo/freebsd-hackers

