LibSysCTr is a utility library that can be used to intercept system call functions on a Linux system. Process monitoring and sandboxing are just two of the potential usages of LibSysCTr. Internally the LibSysCTr library uses the ptrace(2) functionalities by monitoring and reporting events to the library caller. The LibSysCTr is callback driven, that means that the user initializes the library with systr_init_library(), registers the system calls he wants to monitor with systr_trace_syscall(), and calls systr_run() to start receiving events in the form of callback invocation. For each intercepted system call, two calls to the registered callback function are performed. One during the system call entry, before the system call iteself will be executed by the kernel, and one after the kernel has processed the system call (right before returning the userspace). Utility functions are supplied to, retrieve information about the process, get/set the system call parameters, and read/write the monitored process address space. The LibSysCTr library follows all threads and processes spawned by the traced task, by giving the caller the complete control over the whole monitored process hierarchy.


The LibSysCTr library man page is available : HTML   TXT    PDF

License and Software

LibSysCTr is made available through the GNU LGPL license together with the complete sources. Please read carefully the license before using the software. The latest library package is available here :

Version 0.2

Links And Docs

LibSysCTr FreshMeat Home Page

Author Home Page