Date: Thu, 17 Oct 2002 18:13:24 -0400 (EDT)
From: Ramkumar Chinchani
Message-Id: <200210172213.g9HMDO423357@pollux.cse.buffalo.edu>
To: hackers@freebsd.org
Subject: tracing exec system call

What would be the best way to *capture* the execv system call at its entry point from user space? ptrace()?

What would be a good way to inspect the command line args to execv *after* the path, etc., has been resolved?

This is useful if one wants to monitor a process and all the system calls it makes and then disallow a few of them if suspicious.

Thanks.
-Ram