What are the possible ways of intercepting system calls on Unix environments? I'm looking to do this in AIX.

Thanks

+2  A: 

Not familiar with AIX, but the following works on Linux and Solaris. You can use the LD_PRELOAD environment variable, which tells ld.so to load a shared library before libc, and then write your own version of the system call, and optionally call the original. See man ld.so for more information. Something along the lines of:

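#define _GNU_SOURCE   /* glibc only exposes RTLD_NEXT when this is defined */
#include <dlfcn.h>

/* placeholder: set this to the ioctl request code you want to intercept */
#define INTERESTED 0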

typedef int (*ioctl_fn)(int, int, void*);

static 
int
my_ioctl(int      fildes,
         int      request,
         void*    argp,
         ioctl_fn fn_ptr)

{
    int result = 0;

    /* call original or do my stuff */
    if (request == INTERESTED)
    {
        result = 0;
    }
    else
    {
        result = (*fn_ptr)(fildes, request, argp);
    }

    return result;
}

/*
 * override ioctl() - on first call get a pointer to the "real" one
 * and then pass it onto our version of the function
 */
int
ioctl(int fildes,
      int request,
      void* argp)
{
    static ioctl_fn S_fn_ptr = 0;

    if (S_fn_ptr == 0)
    {
        S_fn_ptr = (ioctl_fn)dlsym(RTLD_NEXT, "ioctl");
    }

    return my_ioctl(fildes, request, argp, S_fn_ptr);
}

Carved this out of some code I had lying around, apologies if I have made it incorrect.

Beano
Nitpick: You're intercepting (system) library calls, not system calls. Probably what the questioner meant to ask, but worth noting that you're answering a slightly different question. Still a +1 answer.
John M
@John M - I guess the question is a bit vague - to what purpose does @debugger want to intercept the system calls? If it is to modify behaviour, then the above will work, if it is for tracing purposes, then use truss/strace/dtrace or the AIX equivalent, ... Could get all existential and debate "what is a system call". Thanks for the feedback!
Beano
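A defender-side counterpart to the LD_PRELOAD answer above, added here as an example and not part of the original thread: ld.so reads LD_PRELOAD at process start, so on Linux the libraries a running process was asked to preload can be recovered from /proc/<pid>/environ. The function name preload_entries, the size limits and the sample buffer are constructed for illustration, and the /proc layout is a Linux assumption (it does not apply to AIX).

```c
#include <stdio.h>
#include <string.h>

#define MAX_LIBS 8
#define MAX_PATH_LEN 256

/* Constructed sample in /proc/<pid>/environ layout (NUL-separated strings). */
static const char SAMPLE[] =
    "PATH=/usr/bin\0LD_PRELOAD=/tmp/libhook.so:/opt/lib/trace.so\0HOME=/root";

/* Copy every LD_PRELOAD entry found in an environ-style block into out[].
 * ld.so accepts ':' and ' ' as separators. Returns the number of entries. */
int preload_entries(const char *env, size_t len, char out[][MAX_PATH_LEN])
{
    static const char key[] = "LD_PRELOAD=";
    const size_t klen = sizeof key - 1;
    int count = 0;

    for (size_t pos = 0; pos < len; ) {
        const char *nul = memchr(env + pos, 0, len - pos);
        size_t n = nul ? (size_t)(nul - (env + pos)) : len - pos;
        if (n > klen && memcmp(env + pos, key, klen) == 0) {
            size_t i = pos + klen, end = pos + n;
            while (i < end && count < MAX_LIBS) {
                size_t tok = 0;
                while (i + tok < end && env[i + tok] != ':' && env[i + tok] != ' ')
                    tok++;
                if (tok > 0 && tok < MAX_PATH_LEN) {   /* skip empty/oversized */
                    memcpy(out[count], env + i, tok);
                    out[count][tok] = '\0';
                    count++;
                }
                i += tok + 1;
            }
        }
        pos += n + 1;   /* step over this string and its NUL */
    }
    return count;
}

int main(int argc, char **argv)
{
    char path[64], buf[65536], libs[MAX_LIBS][MAX_PATH_LEN];
    snprintf(path, sizeof path, "/proc/%s/environ", argc > 1 ? argv[1] : "self");
    FILE *f = fopen(path, "rb");
    size_t len = f ? fread(buf, 1, sizeof buf, f) : 0;
    if (f) fclose(f);
    /* fall back to the constructed sample when /proc is not readable */
    int n = len ? preload_entries(buf, len, libs)
                : preload_entries(SAMPLE, sizeof SAMPLE, libs);
    for (int i = 0; i < n; i++) printf("preloaded: %s\n", libs[i]);
    return n > 0;
}
```

Run it with a PID as the first argument to inspect another process (reading another user's environ requires matching privileges); the exit status is 1 when any preload entry is present.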
A: 

Well, there's always systrace.

Nikolai N Fetissov