top | item 41004370 (no title) simfoo | 1 year ago Yeah that was also my understanding, and I can't imagine a av module able to intercept filesystem and syscalls to be only using non-core symbols. But of course you never know without decompiling the module discuss order hn newest yjftsjthsd-h|1 year ago > and I can't imagine a av module able to intercept filesystem and syscalls to be only using non-core symbols.I can, considering that you can do that from user space using strace. Or ebpf which is probably the actual right way to do this kind of thing.
yjftsjthsd-h|1 year ago > and I can't imagine a av module able to intercept filesystem and syscalls to be only using non-core symbols.I can, considering that you can do that from user space using strace. Or ebpf which is probably the actual right way to do this kind of thing.
yjftsjthsd-h|1 year ago
I can, considering that you can do that from user space using strace. Or ebpf which is probably the actual right way to do this kind of thing.