Re: System call hooking in 2.6 kernel..

Hi,


If I am not missing anything and if there is a libc wrapper provided
for the calls to be trapped, then I think this can be done in userspace.
Just write the wrappers for the calls to be trapped and make a shared
lib out of it, and then do
a LD_PRELOAD of that lib, or add it to /etc/ld.so.preload.

So it would look like this,

app calls func -> func in your wrapper lib -> actual libc func or
whatever you want to call from your lib.
This way, you can trap all calls like open/close etc. CMIIW.

Regards,
Sandeep.


On Tue, Nov 11, 2008 at 4:56 AM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:
> On Tue, Nov 11, 2008 at 5:24 AM,  <lech@xxxxxxxxxxxxxxxx> wrote:
>
>>> there are only 4 debug registers available, whereas kprobes allow
>>> limitless (almost????) numbers of probe points.
>>
>> Well yes - but if you want to trace syscalls you can just set the trap for
>> the call gate.
>
> yes, of course, since all syscalls get executed via int 0x80, or
> SYSENTER, so setting breakpoints on these two points in the kernel can
> catch all syscalls.
>
> --
> Regards,
> Peter Teoh
>
> --
> To unsubscribe from this list: send an email with
> "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
> Please read the FAQ at http://kernelnewbies.org/FAQ
>
>



-- 
Regards,
Sandeep.
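
The wrapper-library flow described in this message (app calls func -> func in the wrapper lib -> actual libc func), written out for open() as an added example that is not part of the original post. The file name trap_open.c, the library name libtrap.so and the helper trap_open_count() are assumptions made for illustration.

```c
/* trap_open.c - added example: LD_PRELOAD wrapper around libc open().
 * Build: gcc -shared -fPIC -o libtrap.so trap_open.c -ldl
 * Use:   LD_PRELOAD=./libtrap.so ./app        (./app is a placeholder)
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <sys/types.h>

#ifndef RTLD_NEXT                   /* glibc's value, if _GNU_SOURCE came too late */
#define RTLD_NEXT ((void *) -1L)
#endif

static unsigned long trapped_calls; /* hypothetical counter, for illustration */

unsigned long trap_open_count(void) { return trapped_calls; }

/* Same name and signature as libc's open(): the dynamic linker resolves the
 * application's call to this definition before it reaches libc. */
int open(const char *path, int flags, ...)
{
    static int (*real_open)(const char *, int, ...);
    mode_t mode = 0;

    if (flags & O_CREAT) {          /* the third argument exists only when creating */
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, mode_t);
        va_end(ap);
    }
    if (!real_open) {               /* look up the next "open" in search order: libc's */
        real_open = (int (*)(const char *, int, ...))dlsym(RTLD_NEXT, "open");
        if (!real_open) { errno = ENOSYS; return -1; }
    }
    trapped_calls++;
    fprintf(stderr, "[trap] open(\"%s\", 0x%x)\n", path ? path : "(null)", flags);
    return real_open(path, flags, mode);   /* hand over to the actual libc function */
}
```

This only sees calls that reach the dynamic symbol open: open64, openat and fopen need their own wrappers, and statically linked programs or code issuing the syscall directly never enter the library. The dynamic loader also ignores LD_PRELOAD for set-user-ID programs in secure-execution mode unless the library meets its restrictions.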