Capturing a system call just before entering the shared library

I wrapped several system call functions such as write(), open(), etc. LD_PRELOAD is used to override the original system calls. Moreover, I defined some more functions and made it a shared library too.

I would like to intercept all system calls from different application processes into these shared libraries before they go into the shared library. How can I do this?

Thanks

+5
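An added example (not part of the original question or answers), assuming Linux: a wrapper for write() of the kind the question describes only sees callers that go through the write() symbol, so the same kernel operation issued directly never reaches it. The interposition is shown inside one program, where the executable's own definition takes precedence over libc's just as a preloaded library's would; `wrapped_calls`, `via_write_symbol`, `via_direct_syscall` and `demo` are hypothetical names.

```c
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

static int wrapped_calls = 0;   /* number of calls the wrapper has observed */

/* Interposed write(): this definition is found before libc's, the same
   precedence an LD_PRELOAD library gets. It records the call and then
   enters the kernel itself. */
ssize_t write(int fd, const void *buf, size_t count)
{
    wrapped_calls++;
    return syscall(SYS_write, fd, buf, count);
}

/* Path 1: the caller uses the write() symbol, so the wrapper runs. */
static int via_write_symbol(int fd)
{
    int before = wrapped_calls;
    if (write(fd, "a", 1) != 1)
        return -1;
    return wrapped_calls - before;   /* wrapper invocations for this call */
}

/* Path 2: the same system call, issued without the write() symbol. */
static int via_direct_syscall(int fd)
{
    int before = wrapped_calls;
    if (syscall(SYS_write, fd, "b", 1) != 1)
        return -1;
    return wrapped_calls - before;   /* wrapper invocations for this call */
}

/* Runs both paths against a pipe (constructed test target, no files needed). */
static int demo(int *seen_symbol, int *seen_direct)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    *seen_symbol = via_write_symbol(fds[1]);
    *seen_direct = via_direct_syscall(fds[1]);
    close(fds[0]);
    close(fds[1]);
    return 0;
}

int main(void)
{
    int a = 0, b = 0;
    if (demo(&a, &b) != 0)
        return 1;
    printf("write() symbol: %d wrapper call(s); direct syscall: %d\n", a, b);
    return 0;
}
```

A monitoring layer built this way therefore has a coverage gap for statically linked programs and for code that enters the kernel without libc's wrappers.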
3 answers

LD_PRELOAD , : ) ; ) .;)

A) libC , , , , INT 0x80 x86, , , , , LD_PRELOAD-libc-interposition.

B) libC , , , libC . LD_PRELOAD .

, strace/ltrace - ptrace(), , , , .

+4

, .

+1

I am sure that the only way to do this is to modify the system call table. HIDS systems (such as Samhain) report this as an intrusion, and Linux kernel developers frown on it. Implementation details are very specific to the OS (that is, what works on FreeBSD will not necessarily work on Linux), but the general implementation details will be the same. The kernel module may be the best way to use cleaner, standardized APIs.

0