
mrshanim 10-24-2009 08:32 PM

intercepting system call / alternative to strace
 
Hello guys,
I want to trace a particular application: all the system calls which were called for that application.
I can do this with strace, but I want to do this dynamically. Like, say, if I want to keep track of ps2pdf, whenever I run this command it should capture all the system calls related to ps2pdf.
Can we do this by intercepting the system calls (execve, read, write, open, close)? It's enough if we are able to get the exec() command.
Is there any other way to achieve this?

Thanks
Shanim

syg00 10-24-2009 08:51 PM

Have a look at systemtap.

mrshanim 10-24-2009 09:07 PM

Hi, thanks for the reply.
But is systemtap able to return this kind of output? Not counting how many syscalls or how many times;
rather, I am looking for the arguments inside them. I am able to parse those system calls with other functions.

Basically, I am trying to generate a relationship between the arguments of the syscalls (including header files, read-only files, etc.).
Can I achieve this with systemtap? If yes, tell me in short how.



Quote:

execve("/usr/bin/pdf2ps", ["pdf2ps", "./wp_systemcallinterception.pdf", "new.ps$
rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0
brk(0xfea000) = 0xfea000
open("/proc/meminfo", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f$
read(3, "MemTotal: 3996212 kB\nMemFree"..., 1024) = 774
close(3) = 0
......
...
..
This I can get using strace. I am looking for the same kind of information using systemtap or any other way.
Thanks
Shanim
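
Added example, not part of the thread and not any poster's code: a Python script for the post-processing the question describes, parsing strace-format lines and relating descriptor-based calls back to the path they were opened from. The function names and the FD_CALLS set are assumptions of this example; the sample lines are the ones quoted in the post, truncated lines included.

```python
import re
from collections import defaultdict

# Lines copied from the strace output quoted in the post; two are cut off with "$".
SAMPLE = r'''execve("/usr/bin/pdf2ps", ["pdf2ps", "./wp_systemcallinterception.pdf", "new.ps$
open("/proc/meminfo", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f$
read(3, "MemTotal: 3996212 kB\nMemFree"..., 1024) = 774
close(3) = 0
'''

LINE = re.compile(r'^(\w+)\((.*)\)\s+=\s+(-?\d+|0x[0-9a-fA-F]+|\?)(\s.*)?$')
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first quoted string argument
FD = re.compile(r'^(\d+)\b')                  # leading decimal descriptor
# Assumption: a small set of calls whose first argument is a descriptor.
FD_CALLS = {'read', 'write', 'fstat', 'lseek', 'ioctl', 'fcntl', 'close'}

def parse(line):
    """Return (name, argument string, return value), or None if unparsable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ret = m.group(3)
    return m.group(1), m.group(2), None if ret == '?' else int(ret, 0)

def relate(trace):
    """Group syscalls by the path their descriptor was opened from."""
    open_fds, by_path, skipped = {}, defaultdict(list), []
    for line in trace.splitlines():
        rec = parse(line)
        if rec is None:
            skipped.append(line)      # truncated or non-syscall line
            continue
        name, args, ret = rec
        path = QUOTED.search(args)
        if name in ('open', 'openat', 'creat') and path and (ret or 0) >= 0 and ret is not None:
            open_fds[ret] = path.group(1)
            by_path[path.group(1)].append(name)
        elif name in FD_CALLS and FD.match(args):
            fd = int(FD.match(args).group(1))
            if fd in open_fds:
                by_path[open_fds[fd]].append(name)
                if name == 'close':
                    del open_fds[fd]  # descriptor numbers get reused
    return dict(by_path), skipped

if __name__ == '__main__':
    print(relate(SAMPLE))
```

Lines that do not parse, such as the two truncated ones, are returned in the second list instead of being guessed at.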


All times are GMT -5.