[Haifux] [Haifux Lecture] User space syscall tracing andmanipulation - fakeroot-ng by Shachar Shemesh
Shachar Shemesh
shachar at shemesh.biz
Thu Jan 17 15:12:31 MSK 2008
Dan Shimshoni wrote:
>> Certainly ptrace has been used to both trace and modify running
>> binaries, by gdb, strace, dumpmem[1], memfetch[2] and others.
>>
Yes, I am aware of all of the above except memfetch (I did not remember
the names of dumpmem, but I did attend your lecture at the time).
fakeroot-ng does take it a step further. I'll just point out a couple or
three things (those that are either already implemented or will be
implemented by the lecture):
1. Automatic manipulation. Unlike strace, fakeroot-ng actually changes
the program while running. Unlike gdb, it does so automatically.
2. Syscall generation - program calls one syscall, you make it call three.
3. Recursive debuggers support - run strace (or fakeroot-ng, but at
least at the moment not gdb) from within the fakeroot environment.
> You forgot system call tracker hijacking.
>
syscall-tracker is not a user-space solution.
> DS
>
Shachar
More information about the Haifux
mailing list