Dan Shimshoni wrote: >> Certainly ptrace has been used to both trace and modify running >> binaries, by gdb, strace, dumpmem[1], memfetch[2] and others. >> Yes, I am aware of all of the above except memfetch (I did not remember the names of dumpmem, but I did attend your lecture at the time). fakeroot-ng does take it a step further. I'll just point out a couple or three things (those that are either already implemented or will be implemented by the lecture):
1. Automatic manipulation. Unlike strace, fakeroot-ng actually changes the program while running. Unlike gdb, it does so automatically. 2. Syscall generation - program calls one syscall, you make it call three. 3. Recursive debuggers support - run strace (or fakeroot-ng, but at least at the moment not gdb) from within the fakeroot environment. > You forgot system call tracker hijacking. > syscall-tracker is not a user-space solution. > DS > Shachar _______________________________________________ Haifux mailing list Haifux@haifux.org http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux