syscall-intercept-rs

Requirements

Install dependencies in Ubuntu.

sh sudo apt install cmake libcapstone-dev

lib of syscallintercept also are required.[FIXME] github addr of syscallintercept https://github.com/pmem/syscall_intercept

Add the following lines to your Cargo.toml:

[dependencies] libsyscall-intercept = "0.1.1"

Usage

lib.rs in your code ``` use std::cell::Cell;

[macro_use]

extern crate ctor; use libsyscallintercept::{sethook_fn,InterceptResult};

[ctor]

fn initpreload() { unsafe { sethook_fn(hook) }; }

extern "C" fn hook( num: i64, a0: i64, _a1: i64, _a2: i64, _a3: i64, _a4: i64, _a5: i64, result: *mut i64, ) -> i32 { // detect and avoid recursive interception let _guard = match InterceptGuard::trylock() { Some(g) => g, None => return InterceptResult::Forward as i32, }; if num == libc::SYSgetdents64 || num == libc::SYSgetdents { unsafe { *result = -libc::ENOTSUP as i64; } return InterceptResult::Hook as i32; } InterceptResult::Forward as i32 }

thread_local! { static INTERCEPTED: Cell = Cell::new(false); }

struct InterceptGuard;

impl InterceptGuard { fn try_lock() -> Option { INTERCEPTED.with(|x| { if x.get() { None } else { x.set(true); Some(InterceptGuard) } }) } }

impl Drop for InterceptGuard { fn drop(&mut self) { INTERCEPTED.with(|x| x.set(false)); } } ```

Cargo.toml as below ``` [package] name = "my-lib-test" version = "0.1.0" edition = "2021"

See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies] ctor = "0.2.0" libc = "0.2" libsyscall-intercept = "0.1.1"

[lib] name = "rintercept" crate-type = ["dylib"]

```

and then run command : cargo build LD_PRELOAD=./target/debug/librintercept.so ls will see command ls is not support.