
System Call Tracking without ptrace, strace, etc.

How could I log system calls made by another process without using current built-in functions like ptrace, strace, audit, etc.?

I think there are two options: intercepting the system call table, or modifying the entry_64.s file. I want to output these system calls to a file.

Can’t find any suggestions on this anywhere.


What’s the reason that you don’t use ptrace? It is supported by the Linux kernel directly. Any other solution will likely work in a way similar to what ptrace does.
