LibSysCTr
LibSysCTr is a utility library that can be used to intercept system call functions on a Linux system. Process monitoring and sandboxing are just two of the potential usages of LibSysCTr. Internally the LibSysCTr library uses the ptrace(2) functionalities by monitoring and reporting events to the library caller.
LibSysCTr is callback driven: the user initializes the library with systr_init_library(), registers the system calls to monitor with systr_trace_syscall(), and calls systr_run() to start receiving events in the form of callback invocations. For each intercepted system call, the registered callback function is invoked twice: once at system call entry, before the system call itself is executed by the kernel, and once after the kernel has processed the system call (right before returning to userspace). Utility functions are supplied to retrieve information about the process, get/set the system call parameters, and read/write the monitored process address space.
The LibSysCTr library follows all threads and processes spawned by the traced task, giving the caller complete control over the whole monitored process hierarchy.
Documentation
License and Software
LibSysCTr is made available through the GNU LGPL license together with the complete sources. Please read the license carefully before using the software. The latest library package is available here:
Links
And Docs