System Call Tracking without ptrace, strace, etc.


How could I log system calls made by another process without using current built-in functions like ptrace, strace, audit, etc.?

I think one option is intercepting the system call table, and another is modifying the entry_64.s file. I want to output these system calls to a file.

Can’t find any suggestions on this anywhere.


What’s the reason that you don’t use ptrace? It is supported by the Linux kernel directly. Any other solutions will likely work in a similar way to what ptrace does.
