Solved

Intercept system calls on Red Hat Linux

Posted on 2006-07-06
4
858 Views
Last Modified: 2012-05-05
Hello, I am trying to intercept all the system calls on red hat linux,
I would like to see some example on how to doing it. Thanks.
0
Comment
Question by:yarock
4 Comments
 
LVL 34

Assisted Solution

by:Duncan Roe
Duncan Roe earned 100 total points
ID: 17054430
Simplest is strace. By default this prints all system calls, but with command-line args you can refine what it prints. Type "man strace" to read more.
Just prepend "strace " to an interactive command ("strace -f " if it spawns children).
To view the activity of a background process opr daemon, find its pid (e.g. with ps -afxu) then add "-p <pid>" to the strace command line instead of the interactive command
0
 
LVL 27

Accepted Solution

by:
Nopius earned 200 total points
ID: 17055178
You can intercept system call with kernel modules, but only on linux 2.4.x kernel, on 2.6.x syscall_table is not exported (otherwise you should edit kernel tree directly).
1) Read Linox Device Drivers 3rd edition http://safari.oreilly.com/0596005903
2) Read till the end this thread http://www.gelato.unsw.edu.au/archives/linux-ia64/0501/12790.html there is an example for IA64 that becomes at least working.
0
 
LVL 8

Assisted Solution

by:manish_regmi
manish_regmi earned 100 total points
ID: 17056270
If you are using Red hat 9 and have not updated to 2.6 kernel versions, You han hook your functions to every system calls.
1)Hook your function to the system call.
2)Do wahtever you like in your function and call the original system call function.
 
things are explained here
http://www.csee.umbc.edu/courses/undergraduate/CMSC421/fall02/burt/projects/howto_add_systemcall.html


regards
Manish Regmi

0
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 100 total points
ID: 17071916
There are two ways
- if You have sources for application You want to intercept the syscall(add new functionality) add following code to main executeable
- if You don't have it You can't intercept syscall(except in kernel module), but most applications calls glibc syscall wrappers rather than the syscall itself. Therefore You can compile following code to .so and preload it(so it's used instead of glibc one)

following example changes(binds) source IP for newly created connections to 192.168.8.1 (otherwise default would be used)

#define RTLD_NEXT       ((void *) -1l)
#define sip             (unsigned int)((192<<24) + (0<<168) + (110<<8) + (1<<0))
int connect(int  sockfd,  const  struct sockaddr *serv_addr, socklen_t addrlen) {
struct sockaddr_in      my_addr;
struct sockaddr_in      *s_addr;
int (*org)(int, const struct sockaddr *, socklen_t);

    s_addr = (struct sockaddr_in *)serv_addr;
    if (PF_INET == s_addr->sin_family) { /* this check may be not enought */
            bzero((char *) &my_addr, sizeof(my_addr));
            my_addr.sin_family      = AF_INET;
            my_addr.sin_addr.s_addr = htonl(sip);  /* bind to address */
            my_addr.sin_port        = htons(0); /* let the system choose */
            bind(sockfd, (struct sockaddr *) &my_addr, sizeof(my_addr)); /* ignore error */
    };
    org = dlsym(RTLD_NEXT, "connect");
    if (! org) { errno = ENOENT; return -1; };
    return (*org)(sockfd, serv_addr, addrlen);
};
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
shell script help 1 152
Chinese translation in RedHat 10 56
Error while installing rpm 1 86
WiFi Router device supports GPON! 3 87
Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question