|
|
|
|
|
|
by drewg123
1582 days ago
|
|
|
If you're only interested in syscalls, then yes. But a library's memory is mmaped (syscall), which just establishes a virtual address mapping for the library file. When the library is accessed, that mmap'ed region is faulted in (not a syscall). This is something where you need eBFP (or dtrace, etc) to see what's happening. |
|
|