[Haifux] [Haifux Lecture] User space syscall tracing andmanipulation - fakeroot-ng by Shachar Shemesh

Dan Shimshoni danshimsh at gmail.com
Thu Jan 17 13:49:52 IST 2008


>Certainly ptrace has been used to both trace and modify running
>binaries, by gdb, strace, dumpmem[1], memfetch[2] and others.

You forgot system call tracker hijacking.

DS


On Jan 17, 2008 1:08 PM, Muli Ben-Yehuda <muli at il.ibm.com> wrote:
> On Thu, Jan 17, 2008 at 12:45:10PM +0200, Shachar Shemesh wrote:
>
> > Fakeroot-ng is a (as far as I know) first attempt to do the things
> > usually done with LD_PRELOAD using the ptrace mechanism. It was both
> > the trigger and the root cause of this lecture.
>
> Not sure what you mean by "things usually done with LD_PRELOAD?"
> Certainly ptrace has been used to both trace and modify running
> binaries, by gdb, strace, dumpmem[1], memfetch[2] and others. I think
> I even gave a haifux talk on run-time modification of programs using
> ptrace for fun an profit a few years ago.
>
> > The lecture will look at fakeroot, fakechroot, fakeroot-ng and
> > strace, at varying degrees of depths, mostly because all four chose
> > slightly different approaches for solving, fundamentally, the same
> > problem.
>
> They did?
>
> Sounds like an interesting talk, will try to attend.
>
> [1] http://www.mulix.org/dumpmem.html
> [2] http://lcamtuf.coredump.cx/soft/memfetch.tgz
>
> Cheers,
> Muli
>
> _______________________________________________
> Haifux mailing list
> Haifux at haifux.org
> http://hamakor.org.il/cgi-bin/mailman/listinfo/haifux
>


More information about the Haifux mailing list