Date: Sun, 03 Sep 2000 01:00:19 -0700 From: Pavlin Ivanov Radoslavov <pavlin@catarina.usc.edu> To: freebsd-hackers@freebsd.org, sef@freebsd.org Cc: pavlin@catarina.usc.edu Subject: Q: System call interception Message-ID: <200009030800.BAA32964@rumi.usc.edu>
next in thread | raw e-mail | index | archive | help
I need to write some code that will be like a wrapper for some user-level binaries and will intercept some system calls before and after each call, and eventually modify the arguments and/or the result. First I was looking at ptrace(3), but seems that the *BSD ptrace doesn't have the equivalent of PTRACE_SYSCALL. I tried to use the /proc file system, but I ran into a problem. By adapting the truss(1) code I could intercept a child process's system calls (before and after the syscall is completed). However, if I want to modify the return result for example by writing to the registers (using write() to "/proc/%d/regs"), I get error "Device busy". The procfs(5) man page says that I can write to the registers only if the child process is stopped, but seems like that successful "ioctl(PIOCWAIT)" before the writing to the registers is not enough. Playing with writing "attach", "wait", etc. to /proc/%d/ctl didn't help either. I did some search around to find sample code how to modify the intercepted syscalls behavior, but coudn't find any. Any suggestions or ideas? Thanks, Pavlin P.S. Tested OS version: FreeBSD-4.1 and 3.2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009030800.BAA32964>