
Override system call for my application only in debian

I have a requirement where I want to intercept system calls in my running threads and log that information. My kernel version is 3.15.10.

I know one way where I can get the system call address and then jump to a different system call number from that address. But the problem with this approach is that if something goes wrong, my system will be down.

What I want is to override the system call for my application only.

If you have the source for the application and can recompile, you can use a macro definition to change the system call to something else that does your override (and then, usually, the original system call).

#define rmdir(p) overridden_rmdir(p)

With overridden_rmdir defined in a library in your link path.

If you can't do that for some reason, but can still recompile, you can generate assembler output and edit it (as with a sed script) to include the modifications you want.

If you can't recompile or relink, you might be able to disassemble the binaries and edit the assembler output, as mentioned above.

Another possibility is to run this app in a virtual machine with a different kernel, where the kernel is modified to use the overridden system call.

Hope this is helpful.
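The macro approach from the answer above, written out as an added C example (not part of the original answer): the wrapper keeps the answer's name `overridden_rmdir`, while the log format, the `override_calls` counter and `demo_remove_tmpdir` are assumptions made for illustration. It logs the calling thread's id, calls the real `rmdir`, and preserves `errno` for the caller.

```c
#define _GNU_SOURCE              /* for mkdtemp() and syscall() declarations */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

static int override_calls;       /* hypothetical counter: intercepted calls */

/* Wrapper named as in the answer: run the real call, then log it. */
int overridden_rmdir(const char *path)
{
    /* A parenthesized name is never expanded as a function-like macro,
       so (rmdir) reaches libc even where the #define below is active. */
    int ret = (rmdir)(path);
    int saved = errno;           /* fprintf may overwrite errno */

    override_calls++;
    fprintf(stderr, "[tid %ld] rmdir(\"%s\") = %d (errno %d)\n",
            (long)syscall(SYS_gettid), path, ret, ret ? saved : 0);
    errno = saved;               /* caller still sees the original error */
    return ret;
}

/* From here on, every rmdir(...) in this translation unit is redirected. */
#define rmdir(p) overridden_rmdir(p)

/* Constructed demo: create a scratch directory, remove it via the macro. */
int demo_remove_tmpdir(void)
{
    char tmpl[] = "/tmp/rmdir-demo-XXXXXX";

    if (mkdtemp(tmpl) == NULL)
        return -1;
    return rmdir(tmpl);          /* expands to overridden_rmdir(tmpl) */
}

int main(void)
{
    return demo_remove_tmpdir() == 0 ? 0 : 1;
}
```

The redirect only covers source files compiled with the `#define` in scope; calls made inside libc or other prebuilt libraries go to the real `rmdir` without being logged.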
