Solved

Intercept system calls on Red Hat Linux

Posted on 2006-07-06
861 Views
Last Modified: 2012-05-05
Hello, I am trying to intercept all the system calls on Red Hat Linux;
I would like to see some example of how to do it. Thanks.
Question by:yarock
4 Comments
 
LVL 34

Assisted Solution

by:Duncan Roe
Duncan Roe earned 100 total points
ID: 17054430
Simplest is strace. By default this prints all system calls, but with command-line args you can refine what it prints. Type "man strace" to read more.
Just prepend "strace " to an interactive command ("strace -f " if it spawns children).
To view the activity of a background process or daemon, find its pid (e.g. with ps -afxu), then add "-p <pid>" to the strace command line instead of the interactive command.
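As an added illustration of what strace does underneath (this is example code written for this page, not part of any answer above and not strace's own source), here is a minimal ptrace(2)-based tracer: it forks the target, asks to be traced, and is stopped by the kernel at every system-call entry and exit. It assumes Linux; the syscall number is printed only on x86-64 (from the orig_rax register), other architectures just count the calls. The program name /bin/true used in the usage is an assumption about the test machine.

```c
/* Added example: a minimal ptrace(2)-based tracer, the mechanism behind
 * strace. Linux only; syscall numbers are read from orig_rax on x86-64,
 * elsewhere only the count is kept. Build: gcc -Wall -o tracer tracer.c */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>

/* Run argv under ptrace and return how many system calls it entered, or
 * -1 if the program could not be started or traced. With verbose != 0 the
 * syscall numbers go to stderr, one per line, like a bare strace. */
long trace_syscalls(char *const argv[], int verbose)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: request tracing, then exec the target. On success the
         * kernel stops the child with SIGTRAP before any user code runs. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(127);
        execvp(argv[0], argv);
        _exit(127);              /* exec failed: tracer sees a plain exit */
    }

    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;
    /* Mark syscall stops with bit 7 of the stop signal so they cannot be
     * confused with a real SIGTRAP raised by the program itself. */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL,
               (void *)(long)PTRACE_O_TRACESYSGOOD) == -1)
        return -1;

    long count = 0;
    int in_syscall = 0;          /* toggles between entry and exit stops */
    int sig = 0;                 /* signal to forward on the next resume */
    for (;;) {
        /* Resume until the next syscall entry/exit stop, signal, or exit. */
        if (ptrace(PTRACE_SYSCALL, pid, NULL, (void *)(long)sig) == -1)
            return -1;
        if (waitpid(pid, &status, 0) == -1)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (!WIFSTOPPED(status))
            continue;
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) {
            sig = WSTOPSIG(status);   /* ordinary signal: pass it on */
            continue;
        }
        sig = 0;
        in_syscall = !in_syscall;
        if (!in_syscall)
            continue;                 /* syscall-exit stop */
        count++;
#if defined(__x86_64__)
        if (verbose) {
            struct user_regs_struct regs;
            if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0)
                fprintf(stderr, "syscall %llu\n", regs.orig_rax);
        }
#endif
    }
    return count;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    long n = trace_syscalls(argv + 1, 1);
    if (n < 0) {
        perror("trace");
        return 1;
    }
    fprintf(stderr, "%ld system calls\n", n);
    return 0;
}
```

Running `./tracer /bin/true` prints one line per syscall entry and a total. Everything strace adds on top (decoding arguments, following children with -f, attaching with -p) is built on the same stops; the entry/exit toggle is the classic way to tell the two apart when you do not want to inspect registers at every stop.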
 
LVL 27

Accepted Solution

by:Nopius
Nopius earned 200 total points
ID: 17055178
You can intercept system calls with kernel modules, but only on the Linux 2.4.x kernel; on 2.6.x sys_call_table is not exported (otherwise you have to edit the kernel tree directly).
1) Read Linux Device Drivers, 3rd edition: http://safari.oreilly.com/0596005903
2) Read this thread to the end: http://www.gelato.unsw.edu.au/archives/linux-ia64/0501/12790.html. There is an example for IA64 that at least ends up working.
 
LVL 8

Assisted Solution

by:manish_regmi
manish_regmi earned 100 total points
ID: 17056270
If you are using Red Hat 9 and have not updated to a 2.6 kernel, you can hook your functions to every system call.
1) Hook your function to the system call.
2) Do whatever you like in your function and call the original system call function.
 
Things are explained here:
http://www.csee.umbc.edu/courses/undergraduate/CMSC421/fall02/burt/projects/howto_add_systemcall.html


regards
Manish Regmi

 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 100 total points
ID: 17071916
There are two ways:
- if you have the sources for the application whose syscall you want to intercept (to add new functionality), add the following code to the main executable
- if you don't have them, you can't intercept the syscall (except in a kernel module), but most applications call the glibc syscall wrappers rather than the syscall itself. Therefore you can compile the following code to a .so and preload it (so it's used instead of the glibc one).

The following example changes (binds) the source IP for newly created connections to 192.168.8.1 (otherwise the default would be used).

/* Build as a shared object and preload it, e.g.:
 *   gcc -shared -fPIC -o libbindsrc.so bindsrc.c -ldl
 *   LD_PRELOAD=./libbindsrc.so some_program
 */
#define _GNU_SOURCE             /* makes <dlfcn.h> define RTLD_NEXT */
#include <dlfcn.h>
#include <errno.h>
#include <strings.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* 192.168.8.1 in host byte order */
#define sip             (unsigned int)((192u<<24) + (168u<<16) + (8u<<8) + (1u<<0))

/* replaces the glibc connect() wrapper when the library is preloaded */
int connect(int sockfd, const struct sockaddr *serv_addr, socklen_t addrlen) {
    struct sockaddr_in      my_addr;
    const struct sockaddr_in *s_addr;
    int (*org)(int, const struct sockaddr *, socklen_t);

    s_addr = (const struct sockaddr_in *)serv_addr;
    if (PF_INET == s_addr->sin_family) { /* this check may not be enough */
            bzero((char *) &my_addr, sizeof(my_addr));
            my_addr.sin_family      = AF_INET;
            my_addr.sin_addr.s_addr = htonl(sip);  /* bind to address */
            my_addr.sin_port        = htons(0); /* let the system choose */
            bind(sockfd, (struct sockaddr *) &my_addr, sizeof(my_addr)); /* ignore error */
    }
    /* look up the real connect() in the next object on the search path (glibc) */
    org = dlsym(RTLD_NEXT, "connect");
    if (! org) { errno = ENOENT; return -1; }
    return (*org)(sockfd, serv_addr, addrlen);
}
