
How to programmatically intercept system calls invoked in a running process on Linux?

  1. How to do it from an external process? Say, process A wants to know what system calls are made in process B, like strace?
  2. How to print out the system calls invoked in a process itself? Like registering some event?

Thanks!


  1. Check out the process id with ps or whatever. Then run "strace -p pidnumber".

  2. You could check how strace does it, the source code is available, or you could just call strace from within your program...


If it is only about a specific system call (not all), you can re-write the C stub function and place it in a shared library and preload the library before executing the target application by setting LD_PRELOAD.

This results in your function being preferred over the function provided by the C library when the dynamic linker resolves function calls.

This only works for dynamically linked applications (almost all) and you need to be binary compatible with the C library used. As almost any Linux system uses glibc and different glibc versions are binary compatible, this shouldn't be a problem.

You could look at fakeroot (as an example) on how to do it.

Add: Instead of re-implementing the whole system call wrapper, you could also forward the call to the actual implementation in the C library. I assume you need to manually load the library and resolve the address (not sure about that, but otherwise you probably end up calling yourself).
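The forwarding approach from the answer above, as an added example that is not part of the original thread: a preload library that logs `unlink()` and passes the call on to the C library via `dlsym(RTLD_NEXT, ...)`. The file name, library name, target program and the `trace_unlink_count()` helper are assumptions made for illustration.

```c
/* trace_unlink.c - added example: LD_PRELOAD interposer for unlink().
 * Build: gcc -shared -fPIC -o libtrace_unlink.so trace_unlink.c -ldl
 * Run:   LD_PRELOAD=./libtrace_unlink.so ./target_program   (placeholder name)
 */
#define _GNU_SOURCE          /* exposes RTLD_NEXT in <dlfcn.h> on glibc */
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

#ifndef RTLD_NEXT            /* glibc's value, in case the macro is hidden */
#define RTLD_NEXT ((void *)-1L)
#endif

/* Calls seen by the interposer (plain counter, not thread-safe). */
static unsigned long unlink_calls;

/* Hypothetical helper: lets a host program or test read the counter. */
unsigned long trace_unlink_count(void)
{
    return unlink_calls;
}

/* Same prototype as libc's unlink(), so the dynamic linker binds callers here. */
int unlink(const char *path)
{
    static int (*real_unlink)(const char *);
    int ret, saved_errno;

    if (!real_unlink) {
        /* RTLD_NEXT resolves the next definition after this object in the
         * search order (libc's), so the wrapper does not call itself. */
        *(void **)&real_unlink = dlsym(RTLD_NEXT, "unlink");
        if (!real_unlink) {
            errno = ENOSYS;
            return -1;
        }
    }

    ret = real_unlink(path);
    saved_errno = errno;     /* logging must not change the caller's errno */
    unlink_calls++;
    fprintf(stderr, "[trace] unlink(\"%s\") = %d\n", path, ret);
    errno = saved_errno;
    return ret;
}
```

The wrapper only sees calls that resolve to the `unlink` symbol through the dynamic linker; a program that uses `unlinkat()`, issues the system call directly, or is statically linked produces no log line. The dynamic linker also ignores `LD_PRELOAD` in secure-execution mode (for example set-user-ID binaries).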
