how could I intercept linux sys calls?
Source: Internet | Editor: 程序博客网 | Time: 2024/06/08 13:53
Original URL: http://stackoverflow.com/questions/69859/how-could-i-intercept-linux-sys-calls
Why can't you / don't want to use the LD_PRELOAD trick?
Example code here:
```c
/*
 * File: soft_atimes.c
 * Author: D.J. Capelis
 *
 * Compile:
 * gcc -fPIC -c -o soft_atimes.o soft_atimes.c
 * gcc -shared -o soft_atimes.so soft_atimes.o -ldl
 *
 * Use:
 * LD_PRELOAD="./soft_atimes.so" command
 *
 * Copyright 2007 Regents of the University of California
 */

#define _GNU_SOURCE
#include <dlfcn.h>
#include <sys/types.h>  /* mode_t, which <bits/fcntl.h> alone does not declare */
/* Pretend <fcntl.h> is already included so its open() prototype
 * does not clash with the definitions below. */
#define _FCNTL_H
#include <bits/fcntl.h>

extern int errorno;

/* Pointers to the real libc implementations, resolved with dlsym(). */
int (*_open)(const char * pathname, int flags, ...);
int (*_open64)(const char * pathname, int flags, ...);

/* Replacement open(): forwards to the real open() with O_NOATIME added. */
int open(const char * pathname, int flags, mode_t mode)
{
    _open = (int (*)(const char * pathname, int flags, ...)) dlsym(RTLD_NEXT, "open");
    if(flags & O_CREAT)
        return _open(pathname, flags | O_NOATIME, mode);
    else
        return _open(pathname, flags | O_NOATIME, 0);
}

/* Replacement open64(): same treatment for the large-file variant. */
int open64(const char * pathname, int flags, mode_t mode)
{
    _open64 = (int (*)(const char * pathname, int flags, ...)) dlsym(RTLD_NEXT, "open64");
    if(flags & O_CREAT)
        return _open64(pathname, flags | O_NOATIME, mode);
    else
        return _open64(pathname, flags | O_NOATIME, 0);
}
```
From what I understand... it is pretty much the LD_PRELOAD trick or a kernel module. There's not a whole lot of middle ground unless you want to run it under an emulator which can trap out to your function or do code re-writing on the actual binary to trap out to your function.
Assuming you can't modify the program and can't (or don't want to) modify the kernel, the LD_PRELOAD approach is the best one, assuming your application is fairly standard and isn't actually one that's maliciously trying to get past your interception. (In which case you will need one of the other techniques.)