Date: Sat, 02 Dec 2006 17:32:06 +0100
From: Stanislav Ochotnicky <stanislav.ochotnicky@kmit.sk>
To: freebsd-hackers@freebsd.org
Subject: tracing AND intercepting syscalls?
Message-ID: <4571AA86.1060303@kmit.sk>

Hi,

I'm doing some research concerning tracing and intercepting of syscalls. Ideally this would be done in userspace. It doesn't have to be system-wide. It would be enough if I could fork/exec a new process and somehow be notified every time it makes a syscall, with the ability to alter arguments/return values. I (more or less) need an interface similar to Linux ptrace when called with PTRACE_SYSCALL. The systrace utility does the same thing in OpenBSD/Linux.

I've been through some mailing lists and their archives, read the FreeBSD developers guide, TrustedBSD's MAC framework intro, man pages, asked on IRC and god knows what else, and couldn't find a solution. Here's what I have found out so far about interfaces that resemble what I need:

ptrace: unable to trace syscalls, only singlestep; this would be too slow imho, not to mention problems with identifying syscalls.

/proc interface: more or less like ptrace, better with modifying memory of the process etc., but also unable to trace syscalls.

ktrace: almost there, able to trace syscalls, but it only writes them to a file, and thus I cannot intercept them.

TrustedBSD's MAC framework: I've read the manual, looked at the source etc., and I couldn't find a way to stop at every syscall a certain process has made. There is a mac_syscall() function, but as far as I could tell, it only registers a new syscall. All in all, it seems that it should have some way to do this, maybe I just couldn't find it.

If a kernel module/change is needed I would appreciate a push in the right direction.

Any help would be appreciated. Thanks in advance

Stanislav Ochotnicky