Gcc 拦截GNU tar的openat()系统调用
我试图使用一个自定义共享库拦截Linux上的Gcc 拦截GNU tar的openat()系统调用,gcc,system-calls,libc,intercept,ld-preload,Gcc,System Calls,Libc,Intercept,Ld Preload,我试图使用一个自定义共享库拦截Linux上的openat()系统调用,我可以通过LD\u PRELOAD加载该库。示例intercept openat.c包含以下内容: #define _GNU_SOURCE #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> #include <stdio.h> #include <dlfcn.h> int (*_orig
openat()LD\u PRELOADintercept openat.c#define _GNU_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <stdio.h>
#include <dlfcn.h>
int (*_original_openat)(int dirfd, const char *pathname, int flags, mode_t mode);
void init(void) __attribute__((constructor));
int openat(int dirfd, const char *pathname, int flags, mode_t mode);
void init(void)
{
_original_openat = (int (*)(int, const char *, int, mode_t))
dlsym(RTLD_NEXT, "openat");
}
int openat(int dirfd, const char *pathname, int flags, mode_t mode)
{
fprintf(stderr, "intercepting openat()...\n");
return _original_openat(dirfd, pathname, flags, mode);
}
openat()$ LD_PRELOAD=./intercept-openat.so ./openat
intercepting openat()...
$ strace -e openat tar cf /tmp/t.tgz .vimrc
openat(AT_FDCWD, ".vimrc", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW|O_CLOEXEC) = 4
$ LD_PRELOAD=./intercept-openat.so tar cf /tmp/t.tgz .vimrc
因此,
intercept openat中的自定义openat()
。因此,ptrace谢谢你为我指明了正确的方向
taropenat()\uu openat_2()int\uu openat_2(int dirfd,const char*pathname,int flags,mode\u t mode)\uu属性(别名(“openat”)\uuu openat_2openatltrace$ strace -e openat tar cf /tmp/t.tgz .vimrc
openat(AT_FDCWD, ".vimrc", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW|O_CLOEXEC) = 4
$ LD_PRELOAD=./intercept-openat.so tar cf /tmp/t.tgz .vimrc