BSc-Thesis/doc/README.md
2024-12-30 19:45:48 +01:00


Intercepting Function/System Calls in Linux

Option 1: LD_PRELOAD

  • No need to re-link
  • Works for all functions
  • Works only on dynamically linked executables

Example:

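#define _GNU_SOURCE  // must precede the includes: glibc only defines RTLD_NEXT with it
#include <stdlib.h>
#include <dlfcn.h>
#include <errno.h>

// Build as a shared object and preload it (file names are examples):
//   gcc -shared -fPIC -o preload.so preload.c -ldl
//   LD_PRELOAD=./preload.so ./program
void *malloc(size_t size) {
    // before call to malloc
    void *(* _malloc)(size_t);
    // RTLD_NEXT resolves the next definition of malloc in search order (normally libc's)
    if ((_malloc = dlsym(RTLD_NEXT, "malloc")) == NULL) {
        errno = ENOSYS;
        return NULL;
    }
    void *ret = _malloc(size);
    // after call to malloc
    return ret;
}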

Option 2: gcc --wrap

  • Need to re-link
  • Relatively simple code:
    • Function name: __wrap_<symbol>
    • Call to real function inside wrapper: __real_<symbol>
  • Works for all functions
  • Works only on dynamically linked executables

Example:

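#include <stdlib.h>

// Declared here, resolved by the linker to the original malloc.
// Without this prototype the call is implicitly declared as returning int.
void *__real_malloc(size_t size);

// Link with: gcc ... -Wl,--wrap=malloc
void *__wrap_malloc(size_t size) {
    // before call to malloc
    void *ret = __real_malloc(size);
    // after call to malloc
    return ret;
}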

Option 3: Linux kernel

  • Only works with Linux system calls
  • Also works with statically linked executables
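The split between dynamically and statically linked executables in the lists above can be checked before choosing an option: the dynamic loader, which is what processes LD_PRELOAD, only runs when the executable has a PT_INTERP program header. The following is an added example, not code from this repository; the function names and the constructed sample image are assumptions, and only little-endian ELF64 is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read an n-byte little-endian integer. */
static uint64_t rd_le(const unsigned char *p, int n) {
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* 1: PT_INTERP present, the dynamic loader runs, LD_PRELOAD can apply.
 * 0: no PT_INTERP (static), only kernel-level interception applies.
 * -1: not a well-formed little-endian ELF64 image. */
int elf_uses_dynamic_loader(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1;      /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(img + 0x20, 8);          /* e_phoff */
    uint64_t phentsize = rd_le(img + 0x36, 2);      /* e_phentsize */
    uint64_t phnum = rd_le(img + 0x38, 2);          /* e_phnum */
    if (phnum == 0) return 0;                       /* no program headers at all */
    if (phentsize < 56 || phoff > len || phnum * phentsize > len - phoff)
        return -1;                                  /* table lies outside the buffer */
    for (uint64_t i = 0; i < phnum; i++)
        if (rd_le(img + phoff + i * phentsize, 4) == 3) /* p_type == PT_INTERP */
            return 1;
    return 0;
}

/* Constructed sample: ELF64 header plus two program headers
 * (PT_LOAD and either PT_INTERP or PT_NOTE). Not a runnable binary. */
size_t make_sample(unsigned char buf[176], int with_interp) {
    memset(buf, 0, 176);
    memcpy(buf, "\x7f" "ELF\x02\x01\x01", 7);       /* magic, class, data, version */
    buf[0x20] = 64;                                 /* e_phoff: right after header */
    buf[0x36] = 56;                                 /* e_phentsize */
    buf[0x38] = 2;                                  /* e_phnum */
    buf[64] = 1;                                    /* first entry: PT_LOAD */
    buf[64 + 56] = with_interp ? 3 : 4;             /* second: PT_INTERP or PT_NOTE */
    return 176;
}

int main(void) {
    unsigned char img[176];
    printf("dynamic sample: %d\n", elf_uses_dynamic_loader(img, make_sample(img, 1)));
    printf("static sample:  %d\n", elf_uses_dynamic_loader(img, make_sample(img, 0)));
    return 0;
}
```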