How to reimplement (or wrap) a syscall function in linux?

10 down vote favorite

7

Suppose I want to completely take over the open() system call, maybe to wrap the actual syscall and perform some logging.One way to do this is to use LD_PRELOAD to load a (user-made) shared object library that takes over the open() entry point.The user-made open() routine then obtain the pointer to the glibc functionopen() by dlsym()ing it, and calling it.

The solution proposed above is a dynamic solution, however. Suppose I want to link my ownopen() wrapper statically. How would I do it ? I guess the mechanism is the same, but I also guess there will be a symbol clash between the user-definedopen() and the libc open().

Please share any other techniques to achieve the same goal.

You can use the wrap feature provided by ld. From man ld:

--wrap symbol Use a wrapper function for symbol. Any undefined reference tosymbol will be resolved to __wrap_symbol.

Any undefined reference to __real_symbol will be resolved to symbol.

So you just have to use the prefix __wrap_ for your wrapper function and__real_ when you want to call the real function. A simple example is:

malloc_wrapper.c:

#include <stdio.h>void *__real_malloc (size_t);/* This function wraps the real malloc */void * __wrap_malloc (size_t size){    void *lptr = __real_malloc(size);    printf("Malloc: %lu bytes @%p\n", size, lptr);    return lptr;}

Test application testapp.c:

#include <stdio.h>#include <stdlib.h>int main(){    free(malloc(1024)); // malloc will resolve to __wrap_malloc    return 0;}

Then compile the application:

gcc -c malloc_wrapper.cgcc -c testapp.cgcc -Wl,-wrap,malloc testapp.o malloc_wrapper.o -o testapp

The output of the resulting application will be:

$ ./testappMalloc: 1024 bytes @0x20d8010

http://stackoverflow.com/questions/3662856/how-to-reimplement-or-wrap-a-syscall-function-in-linux

http://www.lingcc.com/2011/12/23/11907/

很多时候，可能需要替换已有库函数，或者对其库函数进行修改。
为了避免对那些静态链接库或者动态链接库文件大动干戈，我们可以使用ld提供的–wrap选项。

例如，想把所有的malloc函数都作修改，以便让malloc出的内存都是32字节对齐的。
我们可以给ld传选项“­­wrap=malloc”， 告诉ld，我们将替换名称为malloc的函数。
接着再如下定义一个新的malloc函数:

void * __wrap_malloc( size_t size) {  void* result;  result=memalign(32, size);  return result;}

可以看到，程序中有个类似库函数名称的__wrap_malloc。
ld在遇到__wrap选项后，会使用__wrap_malloc函数名替换所有对malloc的调用。
并以此实现替换的作用。

那麽，如果还向调用原函数怎么办呢？
可以使用__real_malloc，这个函数名称就对应了原来的malloc。
每次调用malloc时都打印生成的指针地址。

void * __wrap_malloc( size_t size) {  void* result;  result= __real_malloc( size);  printf("Malloc: allocate %d byte mem, start at %p", size, result);  return result;}

附完整程序：

#include <stdio.h>#include <stdlib.h>void * __wrap_malloc( size_t size) {  void* result;  //result= __real_malloc( size);   result = memalign(32, size);  printf("Malloc: allocate %d byte mem, start at %p", size, result);  return result;}int main (){  int i,n;  char * buffer;  printf ("How long do you want the string? ");  //scanf ("%d", &i);   i = 200;  buffer = (char*) malloc (i+1);  if (buffer==NULL) exit (1);  for (n=0; n<i; n++)    buffer[n]=rand()%26+'a';  buffer[i]='\0';  printf ("Random string: %s\n",buffer);  free (buffer);  return 0;}

编译选项：

$gcc test_malloc.c -Wl,--wrap=malloc

参考：

• http://sourceware.org/binutils/docs-2.22/ld/Options.html#Options
• http://linux.die.net/man/3/memalign