Re: About hacking libc

[Xinyang Ge <xxg113 at cse dot psu dot edu>]

On Mon, Jun 17, 2013 at 4:15 PM, Carlos O'Donell <carlos@redhat.com> wrote:
> On 06/17/2013 04:05 PM, Xinyang Ge wrote:
>> On Mon, Jun 17, 2013 at 2:39 PM, Carlos O'Donell
>> <carlos@systemhalted.org> wrote:
>>> On Mon, Jun 17, 2013 at 10:33 AM, Xinyang Ge <xxg113@cse.psu.edu> wrote:
>>>> Thanks all. Does anyone know if there is a unified way to catch up all
>>>> open-like library calls?
>>>
>>> Define "all"? All libraries calls from the user's application or all
>>> open calls including those from inside the library?
>>>
>>> If the former, yes, just preload a shared library.
>>>
>>> If the latter, no, but possible with something like System Tap.
>>>
>>> I would be more than happy to see someone work on userspace system tap
>>> probe points for all syscalls.
>>>
>>> Such a probe point would catch everything from within the library in a
>>> unified way.
>>>
>>> Cheers,
>>> Carlos.
>>
>> I mean all library calls that will ultimately call sys_open.
>> Intercepting open library call is not enough because, as you know,
>> there are more functions like fopen which would also call sys_open.
>
> Then you need to instrument the open system call entry point
> from userspace. I would suggest adding a framework to instrument
> the system calls from the glibc side, perhaps using systemtap
> probe points (like we already do for the dynamic loader).
>
> That way you can use systemtap userspace probe points to
> intercept all open syscalls made by a program, manipulate
> the arguments and then continue. You can do this on a per-thread
> basis without halting the entire process and the other threads.
> You can also do this very efficiently.
>
> Cheers,
> Carlos.
>

Thanks. I'll take a look.

Best,
Xinyang

--
Xinyang GE
Department of Computer Science & Engineering
The Pennsylvania State University
Homepage: http://www.cse.psu.edu/~xxg113/