Hooking syscalls from userspace on Linux
06-07-2019
Question
Is there any way to catch all syscalls on Linux? The only solution I know of is using LD_PRELOAD à la fakeroot, but that only works for dynamically linked applications. Furthermore, this approach requires enumerating all syscalls which is something I'd like to avoid.
Solution
I think you are looking for ptrace(2).
OTHER TIPS
You can trace a program. Think about how strace works. Hint: it doesn't use LD_PRELOAD tricks.
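A minimal ptrace(2) tracer in the style the answers above point to, added here as an example and not taken from the original answers: it tallies every syscall a child makes by number, with no per-syscall wrappers, and the stops happen in the kernel, so linking does not matter. It assumes x86-64 Linux (the number is read from `orig_rax`); `trace_syscalls`, `sample_workload` and `NSYS` are hypothetical names.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define NSYS 1024 /* histogram size; assumption: syscall numbers stay below this */
/* Constructed tracee workload: three raw getpid(2) calls, bypassing libc wrappers. */
static void sample_workload(void) { for (int i = 0; i < 3; i++) syscall(SYS_getpid); }

/* Fork a tracee, run workload() in it, tally each syscall entry; returns total or -1. */
long trace_syscalls(void (*workload)(void), long counts[NSYS]) {
    for (int i = 0; i < NSYS; i++) counts[i] = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(126);
        raise(SIGSTOP);                  /* stop so the parent can set options */
        workload();
        _exit(0);
    }
    int status, entering = 1;
    long total = 0, sig = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD marks syscall stops as SIGTRAP|0x80; EXITKILL kills the tracee if we die. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) return -1;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)sig) < 0) return -1;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return total;
        sig = 0;                         /* the initial SIGSTOP is never re-injected */
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) { sig = WSTOPSIG(status); continue; }
        if (entering) {                  /* each syscall stops twice: entry, then exit */
            struct user_regs_struct regs;
            if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
            if (regs.orig_rax < NSYS) counts[regs.orig_rax]++;
            total++;
        }
        entering = !entering;
    }
}

int main(void) {
    long counts[NSYS], total = trace_syscalls(sample_workload, counts);
    printf("total=%ld getpid=%ld exit_group=%ld\n", total, counts[SYS_getpid], counts[SYS_exit_group]);
    return total < 0;
}
```

To trace an existing program instead, the child would call execve(2) after `PTRACE_TRACEME`, and the tracer would then also have to swallow the SIGTRAP that exec delivers rather than forward it.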
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow