

你有很多的选择；正如你提到的，用 LD_PRELOAD 包装 write()/read() 函数是一个不错的办法。

我建议你使用 UNIX 的 ptrace(2) 截获所需的系统调用，并把参数传递给你自己的函数。

例子:

/* The page lost the header names inside the angle brackets; they are
 * restored here.  <sys/reg.h> supplies the register indices that older
 * versions of this example took from <linux/user.h>. */
#include <errno.h>
#include <stdio.h>
#include <sys/ptrace.h>   /* ptrace(), PTRACE_* requests */
#include <sys/reg.h>      /* ORIG_EAX/EBX/... on i386, ORIG_RAX/RDI/... on x86-64 */
#include <sys/syscall.h>  /* SYS_write */
#include <sys/types.h>    /* pid_t */
#include <sys/wait.h>     /* waitpid(), WIFEXITED(), WIFSIGNALED() */
#include <unistd.h>       /* fork(), execl(), _exit() */

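/*
 * Register indices for PTRACE_PEEKUSER.
 *
 * PTRACE_PEEKUSER takes a byte offset into the tracee's USER area, while
 * the constants in <sys/reg.h> are word indices, so the offset is
 * index * sizeof(long): 4 on i386 (the "4 * ORIG_EAX" of the original
 * listing) and 8 on x86-64.  The syscall number, the first three
 * arguments and the return value sit in different registers on the two
 * ABIs, so the names are selected per architecture here.
 */
#if defined(__i386__)
#define REG_SYSCALL_NR ORIG_EAX
#define REG_ARG0       EBX
#define REG_ARG1       ECX
#define REG_ARG2       EDX
#define REG_RETVAL     EAX
#elif defined(__x86_64__)
#define REG_SYSCALL_NR ORIG_RAX
#define REG_ARG0       RDI
#define REG_ARG1       RSI
#define REG_ARG2       RDX
#define REG_RETVAL     RAX
#else
#error "register layout only known for i386 and x86-64"
#endif

/*
 * Read one register of the stopped tracee.
 *
 * PTRACE_PEEKUSER returns the word itself, so a result of -1 is ambiguous
 * between "the register holds -1" and "error"; clear errno before the call
 * and test it afterwards, as ptrace(2) documents.
 *
 * @param child  pid of the traced, currently stopped child
 * @param reg    word index from <sys/reg.h>
 * @param out    receives the register value on success
 * @return 0 on success, -1 with errno set on failure
 */
static int peek_reg(pid_t child, int reg, long *out)
{
    long off = (long)reg * (long)sizeof(long);

    errno = 0;
    long v = ptrace(PTRACE_PEEKUSER, child, (void *)off, NULL);
    if (v == -1 && errno != 0) {
        return -1;
    }
    *out = v;
    return 0;
}

/*
 * Trace a child running /bin/ls and report every write(2) it makes.
 *
 * The child marks itself traceable with PTRACE_TRACEME and exec()s ls.
 * The parent then alternates waitpid()/PTRACE_SYSCALL: each syscall entry
 * and exit stops the child, and for write() the parent prints the three
 * argument registers on entry and the return register on exit.  The
 * second argument is a pointer into the tracee's address space; it is
 * printed as a number, never dereferenced (reading the buffer would need
 * PTRACE_PEEKDATA).
 *
 * @return 0 when the child has terminated (normally or by a signal),
 *         1 on a fork/waitpid/ptrace failure in the parent.
 */
int main(void)
{
    pid_t child = fork();
    if (child == -1) {
        /* The original fell into the tracer loop with no child and an
         * uninitialized status. */
        perror("fork");
        return 1;
    }

    if (child == 0) {
        /* Tracee.  Everything after execl() runs only if the exec failed;
         * _exit() keeps the child from returning into main's caller. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1) {
            perror("ptrace(PTRACE_TRACEME)");
            _exit(127);
        }
        execl("/bin/ls", "ls", (char *)NULL);
        perror("execl");
        _exit(127);
    }

    /* Tracer.  insyscall is 1 while the child is inside a write() call,
     * i.e. the next write() stop is the call's exit. */
    int insyscall = 0;
    for (;;) {
        int status;
        if (waitpid(child, &status, 0) == -1) {
            if (errno == EINTR) {
                continue;   /* interrupted by a signal; wait again */
            }
            perror("waitpid");
            return 1;
        }
        /* Leave on signal death too: a plain WIFEXITED test loops forever
         * once the child has been killed, because wait() keeps failing. */
        if (WIFEXITED(status) || WIFSIGNALED(status)) {
            break;
        }

        long nr;
        if (peek_reg(child, REG_SYSCALL_NR, &nr) == -1) {
            perror("ptrace(PTRACE_PEEKUSER)");
            return 1;
        }
        if (nr == SYS_write) {
            if (!insyscall) {
                /* Syscall entry: the arguments are still in their registers. */
                long params[3];
                if (peek_reg(child, REG_ARG0, &params[0]) == -1 ||
                    peek_reg(child, REG_ARG1, &params[1]) == -1 ||
                    peek_reg(child, REG_ARG2, &params[2]) == -1) {
                    perror("ptrace(PTRACE_PEEKUSER)");
                    return 1;
                }
                printf("Write called with "
                       "%ld, %ld, %ld\n",
                       params[0], params[1],
                       params[2]);
                insyscall = 1;
            } else {
                /* Syscall exit: the return value is in the result register. */
                long ret;
                if (peek_reg(child, REG_RETVAL, &ret) == -1) {
                    perror("ptrace(PTRACE_PEEKUSER)");
                    return 1;
                }
                printf("Write returned "
                       "with %ld\n", ret);
                insyscall = 0;
            }
        }

        /* Resume the child until its next syscall entry or exit. */
        if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) == -1) {
            perror("ptrace(PTRACE_SYSCALL)");
            return 1;
        }
    }
    return 0;
}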