About hacking libc

Carlos O'Donell carlos@redhat.com
Mon Jun 17 20:15:00 GMT 2013


On 06/17/2013 04:05 PM, Xinyang Ge wrote:
> On Mon, Jun 17, 2013 at 2:39 PM, Carlos O'Donell
> <carlos@systemhalted.org> wrote:
>> On Mon, Jun 17, 2013 at 10:33 AM, Xinyang Ge <xxg113@cse.psu.edu> wrote:
>>> Thanks all. Does anyone know if there is a unified way to catch all
>>> open-like library calls?
>>
>> Define "all"? All library calls from the user's application or all
>> open calls including those from inside the library?
>>
>> If the former, yes, just preload a shared library.
>>
>> If the latter, no, but possible with something like System Tap.
>>
>> I would be more than happy to see someone work on userspace system tap
>> probe points for all syscalls.
>>
>> Such a probe point would catch everything from within the library in a
>> unified way.
>>
>> Cheers,
>> Carlos.
> 
> I mean all library calls that will ultimately call sys_open.
> Intercepting the open library call is not enough because, as you know,
> there are more functions like fopen which would also call sys_open.

Then you need to instrument the open system call entry point
from userspace. I would suggest adding a framework to instrument
the system calls from the glibc side, perhaps using systemtap
probe points (like we already do for the dynamic loader).

That way you can use systemtap userspace probe points to
intercept all open syscalls made by a program, manipulate
the arguments and then continue. You can do this on a per-thread
basis without halting the entire process and the other threads.
You can also do this very efficiently.

Cheers,
Carlos.
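
The coverage gap discussed in this thread, as an added example that is not part of the original messages or of glibc: a program defines its own open(), which is the same symbol interposition a preloaded shared library performs, and counts how often that hook fires for a direct open() versus fopen(). It assumes Linux; the DEMO_* constants, hook_hits and hook_hits_for are names made up for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for syscall() */
#endif
#include <stdarg.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* <fcntl.h> is left out on purpose so its own open() declaration cannot
 * clash with the hook. Assumed Linux asm-generic values (x86, arm64). */
#define DEMO_O_RDONLY 0
#define DEMO_O_CREAT  0100
#define DEMO_AT_FDCWD (-100)
static int hook_hits;          /* opens observed by the hook */

/* Same symbol as libc's open(): defined in the executable (or in a shared
 * object named in LD_PRELOAD) it wins lookup for callers outside libc. */
int open(const char *path, int flags, ...)
{
    unsigned int mode = 0;
    if (flags & DEMO_O_CREAT) {        /* mode is only passed with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, unsigned int);
        va_end(ap);
    }
    hook_hits++;
    return (int)syscall(SYS_openat, DEMO_AT_FDCWD, path, flags, mode);
}

/* Hook hits caused by opening `path` once, via open() or via fopen(). */
int hook_hits_for(const char *path, int via_fopen)
{
    int before = hook_hits, fd = -1;
    FILE *fp = NULL;
    if (via_fopen) fp = fopen(path, "r");
    else fd = open(path, DEMO_O_RDONLY);
    int ok = fp != NULL || fd >= 0;
    if (fp) fclose(fp);
    if (fd >= 0) close(fd);
    return ok ? hook_hits - before : -1;   /* -1: the open itself failed */
}

int main(void)
{
    printf("open(): %d hook hit(s), fopen(): %d hook hit(s)\n",
           hook_hits_for("/dev/null", 0), hook_hits_for("/dev/null", 1));
    return 0;
}
```

On glibc the hook fires once for open() and not at all for fopen(), because libc reaches the kernel through its own internal open path. A file-access audit built on preloading alone therefore under-reports, which is the case for a syscall-level source such as the probe points suggested above.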


