Vulnerability Development mailing list archives

Re: Capturing System Calls


From: ztang () WEBER LCS MIT EDU (Chon-Chon Tang)
Date: Thu, 22 Jun 2000 14:18:59 -0400


I'm curious. I assumed strace would exec the executable being traced,
allowing it to break/track syscalls.  But does anyone know HOW strace works
in user space on a currently RUNNING process?

On Thu, 22 Jun 2000, Steve Mosher wrote:

      Yep. 'strace' is quite standard with Linux at least. You can use
it to start the process, or you can sic it on a currently running process
if you like (with -p <pid>). Quite nice... quite invaluable. You can't
modify the calls though...

On Thu, 22 Jun 2000, Green Charles Contr AFRL/IFGB wrote:
On UNIX systems (FreeBSD, Linux, Solaris), is there a way to capture/modify
system calls from an application without modifying the kernel (or
using kernel modules) - preferably in userspace? The reason I ask is that a
group of us are being asked to evaluate a piece of software for my company
but they've put some heavy restrictions on how we do it. One of the
restrictions is that we're not allowed to modify the kernel.
--
Shop smart, shop S-Mart!
      - Ash


