GNU/Linux system call tracing library
LibSysCTr intercepts system call functions on a GNU/Linux system. Process monitoring and sandboxing are just two of its potential uses. LibSysCTr uses the ptrace(2) functionalities by monitoring and reporting events to the library caller. LibSysCTr is callback driven, which means the user initializes the library with systr_init_library(), registers the system calls he wants to monitor with systr_trace_syscall(), and calls systr_run() to start receiving events in the form of callback invocation. For each intercepted system call, two calls to the registered callback function are performed: one during the system call entry, before the system call iteself will be executed by the kernel, and one after the kernel has processed the system call (right before returning the userspace). Utility functions are supplied to, retrieve information about the process, get/set the system call parameters, and read/write the monitored process address space.
13 May 2005
Leaders and contributors
Resources and communication
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the page “GNU Free Documentation License”.
The copyright and license notices on this page only apply to the text on this page. Any software or copyright-licenses or other similar notices described in this text has its own copyright notice and license, which can usually be found in the distribution or license text itself.