Message-Id: <200009030800.BAA32964@rumi.usc.edu>
To: freebsd-hackers@freebsd.org, sef@freebsd.org
Cc: pavlin@catarina.usc.edu
Subject: Q: System call interception
Date: Sun, 03 Sep 2000 01:00:19 -0700
From: Pavlin Ivanov Radoslavov

I need to write some code that will be like a wrapper for some user-level binaries and will intercept some system calls before and after each call, and eventually modify the arguments and/or the result.

First I was looking at ptrace(3), but it seems that the *BSD ptrace doesn't have the equivalent of PTRACE_SYSCALL.

I tried to use the /proc file system, but I ran into a problem. By adapting the truss(1) code I could intercept a child process's system calls (before and after the syscall is completed). However, if I want to modify the return result, for example by writing to the registers (using write() to "/proc/%d/regs"), I get the error "Device busy". The procfs(5) man page says that I can write to the registers only if the child process is stopped, but it seems that a successful "ioctl(PIOCWAIT)" before writing to the registers is not enough. Playing with writing "attach", "wait", etc. to /proc/%d/ctl didn't help either.

I did some searching around to find sample code showing how to modify the intercepted syscalls' behavior, but couldn't find any.

Any suggestions or ideas?

Thanks,
Pavlin

P.S. Tested OS version: FreeBSD-4.1 and 3.2