简体繁体 English

如何挂钩我自己进程的所有操作系统调用？

[英]How to hook all operating system calls of my own process?

原文 2011-05-22 20:46:33 9 3 windows/ api/ macos/ hook

I need to hijack all operating system calls of my own process. 我需要劫持我自己进程的所有操作系统调用。 I cannot rewrite code as it is partly not my code (plug-ins). 我不能重写代码，因为它部分不是我的代码（插件）。 I need to be able to decide within my implementation of a specific system call, if I want to call the original implementation or not. 如果我想调用原始实现，我需要能够在我的特定系统调用的实现中做出决定。

Operating systems will be at first windows xp and higher versions. 操作系统将首先是Windows XP和更高版本。 Later os x 10.5 and higher will follow. 随后os x 10.5及更高版本将随之而来。 Starting on windows with 32 bit versions, later for all operating systems also 64 bit versions. 从具有32位版本的Windows开始，稍后对于所有操作系统也是64位版本。

I found a lot of documentation and tools about hooking other processes but I would hope my job is much simpler and I would hope for some source code. 我找到了许多关于挂钩其他进程的文档和工具，但我希望我的工作更简单，我希望有一些源代码。

Thanks a lot in advance, Bernd. 非常感谢，Bernd。

3 个解决方案

There are many hooking libraries that will let you do this, for example Detours or madCodeHook on Windows. 有许多挂钩库可以让你这样做，例如在Windows上使用Detours或madCodeHook。 No doubt there are similar libraries on OSX, I just don't know them! 毫无疑问OSX上有类似的库，我只是不知道它们！

It's very easy to hook a routine and replace it with your own implementation. 挂钩例程并将其替换为您自己的实现非常容易。 It's less easy to retain the option of running the original routine in some circumstances, and that's where using a hooking library will take the pain away for you. 在某些情况下保留运行原始例程的选项并不容易，而且使用挂钩库会让你痛苦不堪。

On Mac OS X, you can override functions with the DYLD_INTERPOSE macro (and DYLD_INSERT_LIBRARIES , if needed). 在Mac OS X上，您可以使用DYLD_INTERPOSE宏覆盖函数（如果需要，还可以覆盖DYLD_INSERT_LIBRARIES ）。 This answer has an example: Ansi C patch using dlsym compiles OK under linux but fails on Mac Os X 这个答案有一个例子：使用dlsym的Ansi C补丁在linux下编译好但在Mac Os X上失败