[Haifux] [Haifux Lecture] User space syscall tracing andmanipulation - fakeroot-ng by Shachar Shemesh

Shachar Shemesh shachar at shemesh.biz
Thu Jan 17 15:12:31 MSK 2008

Dan Shimshoni wrote:

>> Certainly ptrace has been used to both trace and modify running
>> binaries, by gdb, strace, dumpmem[1], memfetch[2] and others.
Yes, I am aware of all of the above except memfetch (I did not remember 
the names of dumpmem, but I did attend your lecture at the time). 
fakeroot-ng does take it a step further. I'll just point out a couple or 
three things (those that are either already implemented or will be 
implemented by the lecture):

1. Automatic manipulation. Unlike strace, fakeroot-ng actually changes 
the program while running. Unlike gdb, it does so automatically.
2. Syscall generation - program calls one syscall, you make it call three.
3. Recursive debuggers support - run strace (or fakeroot-ng, but at 
least at the moment not gdb) from within the fakeroot environment.

> You forgot system call tracker hijacking.
syscall-tracker is not a user-space solution.
> DS

More information about the Haifux mailing list