ErmineSI is a platform that allows custom syscall handling.

The advantages gained are outlined in detail here:

Intercept more than LD_PRELOAD

While it is possible to intercept part of syscalls (actually function calls) using LD_PRELOAD, it's only a part. Syscalls originated from ld-linux or internal libc functions will never be intercepted by LD_PRELOAD. But will be by ErmineSI.

Intercept more than FUSE

FUSE (Filesystem In User Space) intercept only filesystem related syscalls. ErmineSI able to intercept others too - socket syscalls, uname, time, etc.

Both dynamically and statically linked applications supported

Unlike LD_PRELOAD ErmineSI works for statically linked applications too.

Don't interfere with LD_PRELOAD

LD_PRELOAD used widely enough. And it always a hard question of the hooks execution order when more than one library LD_PRELOADed. With ErmineSI it's simple - when syscall is called from whatever hook - ErmineSI intercepts it.

No root privileges needed at installation time

ErmineSI can be installed in any directory you have access to.

Works without access to source code or object files

No access to the object files (or source code) of the target application. ErmineSI works directly with existing binary.

User mode only

No kernel module is required to deploy or run applications under ErmineSI.

Feature comparison

The table below shows a comparative view of the features of possible solution for syscall interception.

Feature ErmineSI LD_PRELOAD FUSE Custom Kernel Module
Intercept syscalls from ld-linux and internal libc functions Yes No Yes Yes
Intercept any syscalls, not only file-system related Yes Yes No Yes
Support for statically linked executable Yes No Yes Yes
No root privileges at installation time Yes Yes Yes No
No root privileges at run time Yes Yes No Yes
User mode only Yes Yes Yes No
Performance Good Good Poor Good
Code should be licensed under GPL No No No Yes