ErmineSI is a platform that allows custom syscall handling.
The advantages gained are outlined in detail here:
Intercept more than LD_PRELOAD
While it is possible to intercept part of syscalls (actually function calls) using LD_PRELOAD, it's only a part. Syscalls originated from ld-linux or internal libc functions will never be intercepted by LD_PRELOAD. But will be by ErmineSI.
Intercept more than FUSE
FUSE (Filesystem In User Space) intercept only filesystem related syscalls. ErmineSI able to intercept others too - socket syscalls, uname, time, etc.
Both dynamically and statically linked applications supported
Unlike LD_PRELOAD ErmineSI works for statically linked applications too.
Don't interfere with LD_PRELOAD
LD_PRELOAD used widely enough. And it always a hard question of the hooks execution order when more than one library LD_PRELOADed. With ErmineSI it's simple - when syscall is called from whatever hook - ErmineSI intercepts it.
No root privileges needed at installation time
ErmineSI can be installed in any directory you have access to.
Works without access to source code or object files
No access to the object files (or source code) of the target application. ErmineSI works directly with existing binary.
User mode only
No kernel module is required to deploy or run applications under ErmineSI.
Feature comparisonThe table below shows a comparative view of the features of possible solution for syscall interception.
|Feature||ErmineSI||LD_PRELOAD||FUSE||Custom Kernel Module|
|Intercept syscalls from ld-linux and internal libc functions||Yes||No||Yes||Yes|
|Intercept any syscalls, not only file-system related||Yes||Yes||No||Yes|
|Support for statically linked executable||Yes||No||Yes||Yes|
|No root privileges at installation time||Yes||Yes||Yes||No|
|No root privileges at run time||Yes||Yes||No||Yes|
|User mode only||Yes||Yes||Yes||No|
|Code should be licensed under GPL||No||No||No||Yes|