Initial commit

doc/README.md

@@ -0,0 +1,59 @@
+
+Intercepting Function/System Calls in Linux
+===========================================
+
+Option 1: `LD_PRELOAD`
+----------------------
+
+* No need to re-link
+* Works for *all* functions
+* Works only on dynamically linked executables
+
+Example:
+```c
+#include <stdlib.h>
+#include <dlfcn.h>
+#include <errno.h>
+
+void *malloc(size_t size) {
+    // before call to malloc
+    void *(* _malloc)(size_t);
+    if ((_malloc = dlsym(RTLD_NEXT, "malloc")) == NULL) {
+        errno = ENOSYS;
+        return NULL;
+    }
+    void *ret = _malloc(size);
+    // after call to malloc
+    return ret;
+}
+```
+
+
+Option 2: `gcc --wrap`
+----------------------
+
+* Need to re-link
+* Relatively simple code:
+  * Function name: `__wrap_<symbol>`
+  * Call to real function inside wrapper: `__real_<symbol>`
+* Works for *all* functions
+* Works only on dynamically linked executables
+
+Example:
+```c
+#include <stdlib.h>
+
+void *__wrap_malloc(size_t size) {
+    // before call to malloc
+    void *ret = __real_malloc(size);
+    // after call to malloc
+    return ret;
+}
+```
+
+
+Option 3: Linux kernel
+----------------------
+
+* Only works with Linux system calls
+* Also works with statically linked executables