How to connect all the operating system calls of my own process?

Question

How to connect all the operating system calls of my own process?

I need to capture all the operating system calls of my own process. I can not rewrite the code, because this is partially not my code (plugins). I need to be able to decide, as part of my implementation, a specific system call if I want to call the original implementation or not.

Operating systems will be in the first xp windows and higher versions. Later os x 10.5 and higher will follow. Starting with windows with 32-bit versions, later 64-bit versions are also used for all operating systems.

I found a lot of documentation and tools about connecting other processes, but I hope that my work will be much easier, and I hope for some kind of source code.

Thanks a lot, Bernd.

+3

windows api hook macos

to-die-for May 22, '11 at 20:46

source share

3 answers

On Mac OS X, you can override functions with a macro DYLD_INTERPOSE(and DYLD_INSERT_LIBRARIES, if necessary). This answer provides an example: Ansi C patch using dlsym compiles OK under Linux but does not work on Mac Os X

+1

bk1e May 23 '11 at 7:34

source share

For Windows, there is an open source alternative to Microsoft Detours called EasyHook:

0

Alexander Nov 19 '12 at 5:00

source share

David heffernan · Accepted Answer · 2011-05-22T21:18:56+0000

There are many connection libraries that will allow you to do this, such as Detours or madCodeHook on Windows. No doubt OSX has similar libraries, I just don't know them!

It is very easy to hook up a routine and replace it with your own implementation. It’s less easy to keep the ability to run the original routine in some cases, as well as the fact that using the interception library will take on pain.

How to connect all the operating system calls of my own process?

More articles: