I need to write some code that will be like a wrapper
for some user-level binaries and will intercept some system calls
before and after each call, and eventually modify the arguments
and/or the result.

First I was looking at ptrace(3), but it seems that the
*BSD ptrace doesn't have the equivalent of PTRACE_SYSCALL.

I tried to use the /proc file system, but I ran into a problem.
By adapting the truss(1) code I could intercept
a child process's system calls (before and after the syscall is
completed).
However, if I want to modify the return result, for example by
writing to the registers (using write() to "/proc/%d/regs"), I get
the error "Device busy".
The procfs(5) man page says that I can write to the registers only
if the child process is stopped, but it seems that a
successful "ioctl(PIOCWAIT)" before writing to the registers is
not enough.
Playing with writing "attach", "wait", etc. to /proc/%d/ctl
didn't help either.

I searched around for sample code showing how to modify the
intercepted syscalls' behavior, but couldn't find any. Any suggestions
or ideas?

Thanks,
Pavlin

P.S. Tested OS version: FreeBSD-4.1 and 3.2

