[Haifux] [Haifux Lecture] User space syscall tracing andmanipulation - fakeroot-ng by Shachar Shemesh
danshimsh at gmail.com
Thu Jan 17 14:49:52 MSK 2008
>Certainly ptrace has been used to both trace and modify running
>binaries, by gdb, strace, dumpmem, memfetch and others.
You forgot system call tracker hijacking.
On Jan 17, 2008 1:08 PM, Muli Ben-Yehuda <muli at il.ibm.com> wrote:
> On Thu, Jan 17, 2008 at 12:45:10PM +0200, Shachar Shemesh wrote:
> > Fakeroot-ng is a (as far as I know) first attempt to do the things
> > usually done with LD_PRELOAD using the ptrace mechanism. It was both
> > the trigger and the root cause of this lecture.
> Not sure what you mean by "things usually done with LD_PRELOAD?"
> Certainly ptrace has been used to both trace and modify running
> binaries, by gdb, strace, dumpmem, memfetch and others. I think
> I even gave a haifux talk on run-time modification of programs using
> ptrace for fun an profit a few years ago.
> > The lecture will look at fakeroot, fakechroot, fakeroot-ng and
> > strace, at varying degrees of depths, mostly because all four chose
> > slightly different approaches for solving, fundamentally, the same
> > problem.
> They did?
> Sounds like an interesting talk, will try to attend.
>  http://www.mulix.org/dumpmem.html
>  http://lcamtuf.coredump.cx/soft/memfetch.tgz
> Haifux mailing list
> Haifux at haifux.org
More information about the Haifux