如何挂钩我自己进程的所有操作系统调用? [英] How to hook all operating system calls of my own process?

问题描述

我需要劫持我自己进程的所有操作系统调用.我无法重写代码，因为它部分不是我的代码(插件).我需要能够在特定系统调用的实现中决定是否要调用原始实现.

I need to hijack all operating system calls of my own process. I cannot rewrite code as it is partly not my code (plug-ins). I need to be able to decide within my implementation of a specific system call, if I want to call the original implementation or not.

操作系统将首先是 windows xp 和更高版本.稍后的 os x 10.5 及更高版本将随之而来.从 32 位版本的 Windows 开始，之后所有操作系统也都是 64 位版本.

Operating systems will be at first windows xp and higher versions. Later os x 10.5 and higher will follow. Starting on windows with 32 bit versions, later for all operating systems also 64 bit versions.

我找到了很多关于挂钩其他进程的文档和工具，但我希望我的工作更简单，我希望有一些源代码.

I found a lot of documentation and tools about hooking other processes but I would hope my job is much simpler and I would hope for some source code.

非常感谢，伯恩德.

推荐答案

有很多钩子库可以让你做到这一点，例如 Windows 上的 Detours 或 madCodeHook.毫无疑问，OSX 上有类似的库，我只是不知道它们！

There are many hooking libraries that will let you do this, for example Detours or madCodeHook on Windows. No doubt there are similar libraries on OSX, I just don't know them!

挂钩一个例程并将其替换为您自己的实现非常容易.在某些情况下，保留运行原始例程的选项不太容易，而这正是使用挂钩库将为您消除痛苦的地方.

It's very easy to hook a routine and replace it with your own implementation. It's less easy to retain the option of running the original routine in some circumstances, and that's where using a hooking library will take the pain away for you.

这篇关于如何挂钩我自己进程的所有操作系统调用?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！