如何在Linux上重新实现(或包装)syscall函数? [英] How do I reimplement (or wrap) a syscall function on Linux?
问题描述
假设我想完全接管open()系统调用,也许要包装实际的syscall并执行一些日志记录. 一种方法这是使用LD_PRELOAD 加载一个(用户制作的)共享对象库,该库将接管open()入口点.
Suppose I want to completely take over the open() system call, maybe to wrap the actual syscall and perform some logging. One way to do this is to use LD_PRELOAD to load a (user-made) shared object library that takes over the open() entry point.
然后,用户制作的open()例程通过dlsym()
对其进行调用并获取指向glibc函数open()
的指针.
The user-made open() routine then obtains the pointer to the glibc function open()
by dlsym()
ing it, and calling it.
但是,以上提出的解决方案是动态解决方案.假设我想静态链接我自己的open()
包装器.我该怎么办?我猜想机制是一样的,但是我也猜想用户定义的open()
和libc open()
之间会出现符号冲突.
The solution proposed above is a dynamic solution, however. Suppose I want to link my own open()
wrapper statically. How would I do it? I guess the mechanism is the same, but I also guess there will be a symbol clash between the user-defined open()
and the libc open()
.
请分享其他任何技术来实现相同的目标.
Please share any other techniques to achieve the same goal.
推荐答案
您可以使用ld
提供的包装功能.来自man ld
:
You can use the wrap feature provided by ld
. From man ld
:
--wrap symbol
对符号使用包装函数.任何未定义的引用symbol
将解析为__wrap_symbol
.
--wrap symbol
Use a wrapper function for symbol. Any undefined reference tosymbol
will be resolved to__wrap_symbol
.
任何对__real_symbol
的未定义引用都将解析为symbol
.
Any undefined reference to __real_symbol
will be resolved to symbol
.
因此,您只需为包装函数使用前缀__wrap_
,并在要调用实函数时使用__real_
.一个简单的例子是:
So you just have to use the prefix __wrap_
for your wrapper function and __real_
when you want to call the real function. A simple example is:
malloc_wrapper.c
:
#include <stdio.h>
void *__real_malloc (size_t);
/* This function wraps the real malloc */
void * __wrap_malloc (size_t size)
{
void *lptr = __real_malloc(size);
printf("Malloc: %lu bytes @%p\n", size, lptr);
return lptr;
}
测试应用程序testapp.c
:
#include <stdio.h>
#include <stdlib.h>
int main()
{
free(malloc(1024)); // malloc will resolve to __wrap_malloc
return 0;
}
然后编译应用程序:
gcc -c malloc_wrapper.c
gcc -c testapp.c
gcc -Wl,-wrap,malloc testapp.o malloc_wrapper.o -o testapp
生成的应用程序的输出将是:
The output of the resulting application will be:
$ ./testapp
Malloc: 1024 bytes @0x20d8010
这篇关于如何在Linux上重新实现(或包装)syscall函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!