How do I reimplement (or wrap) a syscall function on Linux?

by

You can use the wrap feature provided by ld. From man ld:

--wrap symbol Use a wrapper function for symbol. Any undefined reference to
symbol will be resolved to __wrap_symbol.

Any undefined reference to __real_symbol will be resolved to symbol.

So you just have to use the prefix __wrap_ for your wrapper function and __real_ when you want to call the real function. A simple example is:

malloc_wrapper.c:

#include <stdio.h>
void *__real_malloc (size_t);

/* This function wraps the real malloc */
void * __wrap_malloc (size_t size)
{
    void *lptr = __real_malloc(size);
    printf("Malloc: %lu bytes @%p\n", size, lptr);
    return lptr;
}

Test application testapp.c:

#include <stdio.h>
#include <stdlib.h>
int main()
{
    free(malloc(1024)); // malloc will resolve to __wrap_malloc
    return 0;
}

Then compile the application:

gcc -c malloc_wrapper.c
gcc -c testapp.c
gcc -Wl,-wrap,malloc testapp.o malloc_wrapper.o -o testapp

The output of the resulting application will be:

$ ./testapp
Malloc: 1024 bytes @0x20d8010

More Related Contents:

  1. Is malloc/free a syscall or a library routine provided by libc?
  2. How to write a signal handler to catch SIGSEGV?
  3. How do I get a thread ID from an arbitrary pthread_t?
  4. how could I intercept linux sys calls?
  5. Is there a better way than parsing /proc/self/maps to figure out memory protection?
  6. Linux function to get mount points
  7. getrandom syscall in C not found
  8. How to know if a Linux system call is restartable or not?
  9. Linux system call table or cheatsheet for Assembly [closed]
  10. Where can I find system call source code?
  11. What are the flags and macros in a Makefile? [closed]
  12. C fopen vs open
  13. Working of fork() in linux gcc [duplicate]
  14. Where is PATH_MAX defined in Linux?
  15. “undefined reference to `pow'” even with math.h and the library link -lm [duplicate]
  16. Build .so file from .c file using gcc command line
  17. How Can I debug a C program on Linux?
  18. Pipe buffer size is 4k or 64k?
  19. How to wait for exit of non-children processes
  20. Compiler using local variables without adjusting RSP
  21. How to access mmaped /dev/mem without crashing the Linux kernel?
  22. How to solve “ptrace operation not permitted” when trying to attach GDB to a process?
  23. What is the rationale for fread/fwrite taking size and count as arguments?
  24. Memory usage of current process in C
  25. What do fully buffered, line buffered and unbuffered mean in C? [closed]
  26. fd leak, custom Shell
  27. How to set up a cron job to run an executable every hour?
  28. Pipes, dup2 and exec()
  29. Size of pid_t, uid_t, gid_t on Linux
  30. How do I lock files using fopen()?

Leave a Comment