I'd like to do the following: Trap all read/write access to a page in memory (e.g., for logging purposes), but do not deny them. When I use mprotect() on a certain location, I can intercept the read/write, but (as the page is obviously protected) the read/write is not actually performed. I'd like my handler to be called right prior to any read and any write, but without changing the results.
I find it hard to explain (English is not my native language), so maybe the solution I have thought of (but find incredibly ugly) helps:
1. Install sighandler for SIGSEGV
2. mprotect() the region in question
3. Upon SIGSEGV, log, reverse mprotect, set flag that memory is unprotected
4. Change return value on stack so that the instruction which led to the SIGSEGV is executed again (and will work this time). Also patch code so that the instruction executed after the trapped instruction is replaced by int3
5. Upon SIGSEGV (because of int3), install mprotect again, set flag that memory is protected, patch code back to original instruction, again change return value so that the last instruction is executed
This should work - but it's horrible. And really lots of work. What I would like much more is something like a flag that I could pass to mprotect (all pseudocode following)
mprotect(my_region, 4096, PROT_INTERCEPT);

void intercepthandler(int signal, void *magic)
{
    struct magicmprotstruct *m = (struct magicmprotstruct *)magic;
    printf("There was a %d byte %s on addr %x with value %x\n",
           m->opsize, m->read ? "read" : "write", m->addr, m->value);
}
Is there any way I can achieve this (or something like this) without going through the whole trouble I described above?
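The following is an added example, not code from Henrik or from any of the replies. It implements the five steps above on Linux/x86-64 with glibc's ucontext layout, with one change to step 4: rather than patching an int3 after the trapped instruction, the SIGSEGV handler sets the CPU's trap flag (TF) in the saved context, so the retried instruction runs once and the kernel delivers SIGTRAP right after it, where the page is re-protected. The names watch_start, watch_stop, run_demo, on_segv and on_trap are mine; the handlers only record events into an array, since printf is not safe inside a signal handler.

```c
/* Added example, not code from the thread: trace every read and write to one
 * page with mprotect() + SIGSEGV, and re-protect after the faulting
 * instruction has run by single-stepping it (x86 TF flag) instead of patching
 * an int3 into the code. Assumes Linux on x86-64 with glibc's ucontext layout. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#ifndef REG_EFL          /* glibc x86-64 gregs[] indices, fallback in case the */
#define REG_EFL 17       /* REG_* enum is not exposed by the headers           */
#endif
#ifndef REG_ERR
#define REG_ERR 19
#endif
#define X86_EFLAGS_TF 0x100   /* trap flag: CPU raises a debug trap after one instruction */
#define MAX_EVENTS 64

struct access_event { uintptr_t addr; int is_write; };

static char *watched;                            /* start of the watched page */
static size_t page_size;
static struct access_event events[MAX_EVENTS];   /* handlers only record here */
static volatile int n_events;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    uintptr_t a = (uintptr_t)si->si_addr;
    (void)sig;
    if (watched == NULL || a < (uintptr_t)watched || a >= (uintptr_t)watched + page_size) {
        signal(SIGSEGV, SIG_DFL);   /* not our page: let the real fault be fatal */
        return;
    }
    if (n_events < MAX_EVENTS) {
        events[n_events].addr = a;
        /* bit 1 of the x86 page-fault error code is set for write accesses */
        events[n_events].is_write = (uc->uc_mcontext.gregs[REG_ERR] & 2) != 0;
        n_events++;
    }
    /* Step 3 of the plan: unprotect so the retried instruction succeeds ... */
    mprotect(watched, page_size, PROT_READ | PROT_WRITE);
    /* ... and instead of step 4's int3 patch, have the CPU trap right after
     * that single instruction by setting TF in the saved flags. */
    uc->uc_mcontext.gregs[REG_EFL] |= X86_EFLAGS_TF;
}

static void on_trap(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    (void)sig; (void)si;
    uc->uc_mcontext.gregs[REG_EFL] &= ~(greg_t)X86_EFLAGS_TF;   /* stop stepping */
    if (watched != NULL)
        mprotect(watched, page_size, PROT_NONE);               /* step 5: re-arm */
}

/* Steps 1 and 2: install both handlers, then protect the page. 0 on success. */
static int watch_start(void *page)
{
    struct sigaction sa;
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    watched = page;
    n_events = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_flags = SA_SIGINFO;
    sa.sa_sigaction = on_segv;
    if (sigaction(SIGSEGV, &sa, NULL) < 0) return -1;
    sa.sa_sigaction = on_trap;
    if (sigaction(SIGTRAP, &sa, NULL) < 0) return -1;
    return mprotect(page, page_size, PROT_NONE);
}

static void watch_stop(void)
{
    mprotect(watched, page_size, PROT_READ | PROT_WRITE);
    signal(SIGSEGV, SIG_DFL);
    signal(SIGTRAP, SIG_DFL);
    watched = NULL;
}

/* Demo: two writes and two reads to the watched page. Returns the sum read
 * back (42 + 8 = 50) so a caller can check the accesses really went through. */
static int run_demo(void)
{
    void *page = NULL;
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    if (posix_memalign(&page, ps, ps) != 0) return -1;
    memset(page, 0, ps);
    if (watch_start(page) < 0) return -1;
    volatile int *p = page;
    p[0] = 42;                  /* write -> SIGSEGV, logged, single-stepped */
    p[1] = 8;                   /* write -> same again */
    int sum = p[0] + p[1];      /* two reads -> two more trapped accesses */
    watch_stop();
    free(page);
    return sum;
}

int main(void)
{
    int sum = run_demo();
    printf("sum=%d, %d trapped accesses\n", sum, n_events);
    for (int i = 0; i < n_events; i++)
        printf("  %s at %#lx\n", events[i].is_write ? "write" : "read",
               (unsigned long)events[i].addr);
    return sum == 50 ? 0 : 1;
}
```

The hard part the original plan avoids is the same one it creates: with int3 patching, the handler must know the length of the faulting instruction to place the breakpoint; with TF the CPU does that accounting. The remaining caveat is that this single-steps exactly one instruction, so a `rep movs`-style access that touches the page many times is logged once per page fault, not once per byte.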
Henrik Faber <hfa...@invalid.net> writes:
>I'd like to do the following: Trap all read/write access to a page in
>memory (e.g., for logging purposes), but do not deny them. When I use
>mprotect() on a certain location, I can intercept the read/write, but
>(as the page is obviously protected) the read/write is not actually
>performed. I'd like my handler to be called right prior to any read and
>any write, but without changing the results.
Not my field of expertise, at all, but could you mirror the page being watched with another page, trap all reads and writes to the watched page, and then perform the requested operations on your own page?
On Thu, 5 Nov 2009, Henrik Faber wrote:
> I'd like to do the following: Trap all read/write access to a page in memory
> (e.g., for logging purposes), but do not deny them. When I use mprotect() on
> a certain location, I can intercept the read/write, but (as the page is
> obviously protected) the read/write is not actually performed. I'd like my
> handler to be called right prior to any read and any write, but without
> changing the results.
> I find it hard to explain (English is not my native language), so maybe the
> solution I have thought of (but find incredibly ugly) helps:
> 1. Install sighandler for SIGSEGV
> 2. mprotect() the region in question
> 3. Upon SIGSEGV, log, reverse mprotect, set flag that memory is unprotected
What about
4. analyse the interrupted instruction and do the memory access yourself from inside the SIGSEGV handler
5. install mprotect again
6. continue
The hard part is the disassembling. But your design has the same problem.