This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: About hacking libc
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Xinyang Ge <xxg113 at cse dot psu dot edu>
- Cc: "Carlos O'Donell" <carlos at systemhalted dot org>, Ángel González <keisial at gmail dot com>, libc-help at sourceware dot org
- Date: Mon, 17 Jun 2013 16:15:29 -0400
- Subject: Re: About hacking libc
- References: <CACY857JO7HoMRQyX1sb1gqR0DzK0PksBy0OPd7awCVbBSVKCPQ at mail dot gmail dot com> <CAE2sS1hv8CU45snKVOSzqYv-J9f4GcVp6v8GyAEg93cSQ=NWow at mail dot gmail dot com> <517EF6C4 dot 5040001 at gmail dot com> <CACY857+juSev+G6GQQdW6L5S4LF+9TWLSD27XDBLYsQz4xCuEg at mail dot gmail dot com> <CAE2sS1h7uE00fQwuUXQF1A2F0sp_K3o798fkR1fi_fZVLhHYgw at mail dot gmail dot com> <CACY857LQCdvfJR4ARuMmCTmqTWAv83JS34cpE5d2mFnUSpEi_Q at mail dot gmail dot com>
On 06/17/2013 04:05 PM, Xinyang Ge wrote:
> On Mon, Jun 17, 2013 at 2:39 PM, Carlos O'Donell
> <carlos@systemhalted.org> wrote:
>> On Mon, Jun 17, 2013 at 10:33 AM, Xinyang Ge <xxg113@cse.psu.edu> wrote:
>>> Thanks all. Does anyone know if there is a unified way to catch up all
>>> open-like library calls?
>>
>> Define "all"? All libraries calls from the user's application or all
>> open calls including those from inside the library?
>>
>> If the former, yes, just preload a shared library.
>>
>> If the latter, no, but possible with something like System Tap.
>>
>> I would be more than happy to see someone work on userspace system tap
>> probe points for all syscalls.
>>
>> Such a probe point would catch everything from within the library in a
>> unified way.
>>
>> Cheers,
>> Carlos.
>
> I mean all library calls that will ultimately call sys_open.
> Intercepting open library call is not enough because, as you know,
> there are more functions like fopen which would also call sys_open.
Then you need to instrument the open system call entry point
from userspace. I would suggest adding a framework to instrument
the system calls from the glibc side, perhaps using systemtap
probe points (like we already do for the dynamic loader).
That way you can use systemtap userspace probe points to
intercept all open syscalls made by a program, manipulate
the arguments and then continue. You can do this on a per-thread
basis without halting the entire process and the other threads.
You can also do this very efficiently.
Cheers,
Carlos.