我怎么可能拦截的Linux SYS电话？ [英] how could I intercept linux sys calls?

问题描述

除了LD_ preLOAD把戏，和Linux内核模块与一个由您提供替代一定的系统调用，是否有可能拦截系统调用（打开为例），因此它首先经过你的函数，前达到的实际开？

Besides the LD_PRELOAD trick , and Linux Kernel Modules that replace a certain syscall with one provided by you , is there any possibility to intercept a syscall ( open for example ) , so that it first goes through your function , before it reaches the actual open ?

推荐答案

如果你真的需要一个解决方案，你可能会感兴趣的DR的rootkit，只是完成此，的 http://www.immunityinc.com/downloads/linux_rootkit_source.tbz2 关于它的文章是在这里的 http://www.theregister.co.uk/2008/09/04/linux_rootkit_released/

if you really need a solution you might be interested in the DR rootkit that accomplishes just this, http://www.immunityinc.com/downloads/linux_rootkit_source.tbz2 the article about it is here http://www.theregister.co.uk/2008/09/04/linux_rootkit_released/

这篇关于我怎么可能拦截的Linux SYS电话？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！