syscall-intercept 0.1.0

Userspace syscall intercepting library.
Documentation
  • Coverage
  • 75%
    6 out of 8 items documented0 out of 3 items with examples
  • Size
  • Source code size: 649.06 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 296.05 kB This is the summed size of all files generated by rustdoc for all configured targets
  • Ø build duration
  • this release: 13s Average build duration of successful builds.
  • all releases: 13s Average build duration of successful builds in releases after 2024-10-23.
  • Links
  • Homepage
  • madsys-dev/syscall-intercept-rs
    7 1 0
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • wangrunji0408

syscall-intercept-rs

Crate Docs CI

A Rust wrapper of pmem/syscall_intercept, a system call intercepting library on x86_64 Linux.

Usage

Install dependencies:

sudo apt install cmake libcapstone-dev

Add the following lines to your Cargo.toml:

[dependencies]
syscall-intercept = "0.1"

Define your syscall hook function:

use syscall_intercept::*;

extern "C" fn hook(
    num: isize,
    a0: isize,
    a1: isize,
    a2: isize,
    a3: isize,
    a4: isize,
    a5: isize,
    result: &mut isize,
) -> InterceptResult {
    ...
}

Enable or disable interception:

unsafe { set_hook_fn(hook) };
unsafe { unset_hook_fn() };

Issue syscall without being intercepted:

let ret = unsafe { syscall_no_intercept(libc::SYS_exit as _, 0) };

License

MIT License