I am trying to implement a Data Flow Anomaly Detection using ptrace. After a bit of research I implemented a program which is similar to strace. Now, I'm confused about this, which is what the wiki tells me about system calls:
"System calls provide the interface between a process and the operating system"
When I am using ptrace to modify the process's memory, am I working on user space or kernel space? I'm really confused about this.
You are operating in the address space of a separate process; this requires the intercession of (and permission from) the kernel, since independent processes cannot normally affect each others' address spaces.