syscall-intercept 0.1.0

Userspace syscall intercepting library.

syscall-intercept-rs


A Rust wrapper for pmem/syscall_intercept, a system call interception library for x86_64 Linux.

Usage

Install dependencies:

sudo apt install cmake libcapstone-dev

Add the following lines to your Cargo.toml:

[dependencies]
syscall-intercept = "0.1"

Define your syscall hook function:

use syscall_intercept::*;

extern "C" fn hook(
    num: isize,
    a0: isize,
    a1: isize,
    a2: isize,
    a3: isize,
    a4: isize,
    a5: isize,
    result: &mut isize,
) -> InterceptResult {
    ...
}

Enable or disable interception:

unsafe { set_hook_fn(hook) };
unsafe { unset_hook_fn() };

Issue a syscall without it being intercepted:

let ret = unsafe { syscall_no_intercept(libc::SYS_exit as _, 0) };
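As an added example (not code from this crate or its authors), here is one possible hook body with the signature shown above: it refuses write-opens under a protected prefix and forwards everything else. The `InterceptResult` enum is a local stand-in whose variant names and meaning are assumptions, so the file builds without the crate; the `PROTECTED` prefix and the `check` helper are hypothetical.

```rust
use std::ffi::{c_char, CStr, CString};

// Local stand-in (assumption) for the crate's `InterceptResult`:
// Hook = hand `result` back to the caller, Forward = let the kernel run it.
#[repr(C)]
#[derive(Debug, PartialEq)]
enum InterceptResult { Hook, Forward }

// x86_64 Linux ABI values.
const SYS_OPENAT: isize = 257;
const O_ACCMODE: isize = 3; // O_RDONLY = 0, O_WRONLY = 1, O_RDWR = 2
const EACCES: isize = 13;
const PROTECTED: &[u8] = b"/etc/"; // hypothetical read-only prefix

/// Refuse openat() calls that request write access under PROTECTED.
extern "C" fn hook(
    num: isize, _a0: isize, a1: isize, a2: isize,
    _a3: isize, _a4: isize, _a5: isize, result: &mut isize,
) -> InterceptResult {
    if num != SYS_OPENAT || a1 == 0 || (a2 & O_ACCMODE) == 0 {
        return InterceptResult::Forward; // not openat, NULL path, or read-only
    }
    // a1 is openat's second argument: the caller's NUL-terminated pathname.
    let path = unsafe { CStr::from_ptr(a1 as *const c_char) }.to_bytes();
    if path.starts_with(PROTECTED) {
        *result = -EACCES; // raw syscall convention: negative errno
        return InterceptResult::Hook;
    }
    InterceptResult::Forward
}

/// Call the hook the way the interception layer would, on constructed input.
fn check(path: &str, flags: isize) -> (InterceptResult, isize) {
    let c = CString::new(path).unwrap();
    let mut result = 0;
    // -100 is AT_FDCWD; the pointer stays valid because `c` outlives the call.
    let verdict = hook(SYS_OPENAT, -100, c.as_ptr() as isize, flags, 0, 0, 0, &mut result);
    (verdict, result)
}

fn main() {
    println!("{:?}", check("/etc/passwd", 1)); // write-open: refused
    println!("{:?}", check("/etc/passwd", 0)); // read-only: forwarded
    println!("{:?}", check("/tmp/scratch", 2)); // outside prefix: forwarded
}
```

The prefix match is purely lexical, so relative paths, symlinks and other open-family syscalls are not covered. A hook like this runs inside the process it observes, which makes it suited to tracing and testing rather than to acting as a sandbox boundary.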

License

MIT License