Hi, If someone is interested, here is a paper about a new syscall hooking technique for Linux and "Gungnir", a proof of concept code that take advantage of this mechanism in order to control infected userland applications. http://www.7a69ezine.org/Linux_PerProcess_Syscall_Hooking.txt best regards, pluf