It doesn't work this way, but my first expectation was that this would take an LVM2/ZFS snapshot and diff the file trees afterward. Then it'd be easily ported to Windows (VSS) and wouldn't have the subprocess issues on *BSD, but, the diff would be slower, unordered, and contain changes made by unrelated processes.
combining the ptrace approach for logging with mount namespaces, snapshotting or overlayfs would probably be more consistent approach if the program actually tries to use the files.
just stubbing out the system calls sounds like it'll quickly break down once the programs try to do something more complicated with the files.
