Vulnerability Development mailing list archives
Re: Capturing System Calls
From: jlegate () SITESMITH COM (Jason Legate)
Date: Thu, 22 Jun 2000 11:19:16 -0700
I was going to mention ktrace, but it requires a config change on the kernel:

options         KTRACE          #kernel tracing

Without this:

su-2.03# ktrace -C
ktrace: ktrace.out: Function not implemented

Though, this would be the ideal situation (to be able to trace the process).
Maybe this would be a good time to acquire devel hardware ;-)

-j

On Thu, Jun 22, 2000 at 10:27:34AM -0700, Oliver Friedrichs wrote:
> If you only want to see what a program is doing, use 'truss' on solaris,
> 'ktrace' on bsd.
>
> DESCRIPTION
>      The truss utility executes the specified command and produces
>      a trace of the system calls it performs, the signals
>      it receives, and the machine faults it incurs. Each line of
>      the trace output reports either the fault or signal name or
>      the system call name with its arguments and return value(s).
>      System call arguments are displayed symbolically when possi-
>
> If you want to interactively trace the process, use the 'ptrace()' system
> call.
>
> - Oliver
>
> -----Original Message-----
> From: Green Charles Contr AFRL/IFGB [mailto:Charles.Green () RL AF MIL]
> Sent: Thursday, June 22, 2000 9:23 AM
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: Capturing System Calls
>
> On UNIX Systems, (FreeBSD, Linux, Solaris) is there a way to capture/modify
> system calls from an application without modifying the kernel (or using
> kernel modules) - preferably in userspace?
>
> The reason I ask is that a group of us are being asked to evaluate a piece
> of software for my company but they've put some heavy restrictions on how
> we do it. One of the restrictions is that we're not allowed to modify the
> kernel.
--
/--------------------------/ Jason Legate \------------------------\
| jlegate () sitesmith com        | SiteSmith, Inc.                |
| 24x7 Call Center                | http://www.sitesmith.com       |
| 888.898.7667                    | PGP Key ID - 0xE29C48B         |
+---------------------------------+--------------------------------+
| Fingerprint - 769E 8DB4 C4DB C555 2697 51C6 3181 7D6E E299 C48B  |
\------------------------------------------------------------------/
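
The 'ptrace()' approach mentioned in the quoted reply above, as an added example that is not part of the original thread: a userspace tracer that records the system call numbers a child process enters. Assumptions: Linux on x86-64 (the `orig_rax` register and the ptrace options used are Linux-specific), and the function name `trace_syscalls` is hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example (Linux x86-64 assumed). Runs argv under ptrace and stores the
 * number of each system call the child enters in seen[0..max-1].
 * Returns how many were stored, or -1 if tracing could not be set up. */
long trace_syscalls(char *const argv[], long *seen, size_t max)
{
    int status, in_call = 0, sig = 0;
    size_t n = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                          /* child: become the tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(126);
        raise(SIGSTOP);                      /* wait for the parent's options */
        execvp(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;                           /* ptrace refused or child died */
    /* TRACESYSGOOD tags syscall stops with 0x80, TRACEEXEC reports exec as an
     * event stop instead of a SIGTRAP, EXITKILL kills the child if we die. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)(PTRACE_O_TRACESYSGOOD |
               PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL)) == -1) {
        kill(pid, SIGKILL);
        return -1;
    }
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1 ||
            waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            return (long)n;                  /* tracee is gone: done */
        sig = 0;
        if (WSTOPSIG(status) == (SIGTRAP | 0x80)) {
            struct user_regs_struct regs;
            in_call = !in_call;              /* stops alternate entry / exit */
            if (in_call && n < max && ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0)
                seen[n++] = (long)regs.orig_rax;
        } else if ((status >> 16) == 0) {
            sig = WSTOPSIG(status);          /* ordinary signal: pass it on */
        }
    }
}
```

Call it from a small `main()` with the command to run as `argv` and print the recorded numbers; map them to names with the table in `<sys/syscall.h>`.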