This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



Accessing probe info synchronously


Hi,

We are two students at Aalborg University who are trying to make an
application intrusion detection system, and we would like to be
notified of any system calls that an application tries to do.

We noticed SystemTap, and while it seems to be capable of what we want,
we would like not to use relayfs for receiving the information, as that
will make us unable to get a one-to-one mapping of system calls and
notifications. We would like it if the application can do at most one
system call before we know of it.

So my question is this:
Is there any way to access the information that SystemTap probes
directly from kernel space, without using relayfs?

Thanks in advance for any help.

Kind regards,
Lasse Bigum

Attachment: smime.p7s
Description: S/MIME cryptographic signature

