From owner-freebsd-hackers@FreeBSD.ORG Sun Dec 3 11:58:42 2006 Return-Path: X-Original-To: freebsd-hackers@freebsd.org Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3E94816A403 for ; Sun, 3 Dec 2006 11:58:42 +0000 (UTC) (envelope-from stanislav.ochotnicky@kmit.sk) Received: from alibaba.kmit.sk (alibaba.kmit.sk [194.160.28.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9AF6943CA2 for ; Sun, 3 Dec 2006 11:58:15 +0000 (GMT) (envelope-from stanislav.ochotnicky@kmit.sk) Received: from localhost (localhost.localdomain [127.0.0.1]) by alibaba.kmit.sk (Postfix) with ESMTP id 3325E7F94 for ; Sun, 3 Dec 2006 12:58:40 +0100 (CET) Received: from [10.10.0.6] (gw.kmit.sk [194.160.28.62]) by alibaba.kmit.sk (Postfix) with ESMTP id 6D81E7F84 for ; Sun, 3 Dec 2006 12:58:39 +0100 (CET) Message-ID: <4572BBE3.7020903@kmit.sk> Date: Sun, 03 Dec 2006 12:58:27 +0100 From: Stanislav Ochotnicky MIME-Version: 1.0 To: freebsd-hackers@freebsd.org References: <4571AA86.1060303@kmit.sk> <20061203100714.H40536@fledge.watson.org> In-Reply-To: <20061203100714.H40536@fledge.watson.org> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: tracing AND intercepting syscalls? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Dec 2006 11:58:42 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Robert Watson wrote: > As discussed elsewhere in the thread, ptrace() has a syscall trapping > facility, although I've not used it so can't speak to how well it works. As I mentioned earlier, I didn't find any info about ptrace() syscall trapping facility(PT_SYSCALL, PT_TO_SCE and PT_TO_SCX) because it wasn't in the man nor info page about ptrace(). When I was noticeed about theese interfaces, I checked the source and It looks like it should solve my problem. Maybe the man page should be updated accordingly? > There are patches to add system call entry and exit hooks to the MAC > Framework, but they've not yet been merged. I anticipate that they will > ship in FreeBSD 7.0, and may get MFC'd, depending on schedule, etc. That would be certainly nice, if this could be done at system level. There would be certainly lots of tools that could use this (Dtrace perhaps?) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFcrvjul7h5FTXf/MRCCjLAJ9wgU4s8Juvu0GXRD8ck1R0gcQ4HACfeSGU QpRT3q9PBBx2I8/9RMJCMkw= =CTRr -----END PGP SIGNATURE-----