MayBe (Process File System call audit)

Card Puncher Data Processing


maybe runs processes under the control of ptrace to show which file system modifications would perform a process.


maybe intercepts the system calls that is about to make changes to the file system, it logs that call, and then modifies CPU registers to both redirect the call to an invalid syscall ID (effectively turning it into a no-op) and set the return value of that no-op call to one indicating success of the original call.

Documentation / Reference

Share this page:
Follow us:
Task Runner