Keeping track of called syscalls in real-time

Ben Mezger su at seds.nl
Wed Jun 28 16:48:15 EDT 2017


Can the kernel keep track of all the system calls that were called by an
application/module in real-time?
I know I can statically use strace, or even gdb, but I am looking for a
solution in real time when the application/module is already running and
the user has no control over it.

I am not sure if a system call needs to go through a sort of wrapper to
get it from the syscall table, which I'm then assuming I can get such
info from there, but I am not sure.

I am looking for hints/options to archive this.

Many thanks

-- 
- seds
~> https://seds.nl



More information about the Kernelnewbies mailing list