lazypoline-rs - A framework for building syscall interposers
This framework provides tools for intercepting and handling system calls in user-space Linux applications using Syscall User Dispatch (SUD) and binary rewriting for maximum efficiency.
§Getting Started
use lazypoline::{self, syscall, SyscallContext, SyscallAction};

#[lazypoline::syscall_handler]
fn handle_open(ctx: &mut SyscallContext) -> SyscallAction {
    // On x86-64, rdi holds the first syscall argument; for open(2) that is the pathname pointer.
    // The pointer is supplied by the intercepted caller and is dereferenced here without validation.
    println!("Open syscall: {}", unsafe { std::ffi::CStr::from_ptr(ctx.args.rdi as *const i8).to_string_lossy() });
    SyscallAction::Allow
}

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Initialize the interposer
    let interposer = lazypoline::new()
        .handler(handle_open())
        .trace(true)
        .build()?
        .init()?;

    // Your application code here

    // The interposer is automatically cleaned up when dropped
    Ok(())
}
Re-exports§
pub use crate::interposer::SyscallHandler;
pub use interposer::Interposer;
pub use interposer::InterposerBuilder;
pub use interposer::InterposerError;
pub use syscall::Syscall;
pub use syscall::SyscallAction;
pub use syscall::SyscallArgs;
pub use syscall::SyscallContext;
Modules§
- core: Core functionality for lazypoline
- ffi: Foreign function interface for lazypoline
- interposer: Interposer functionality
- syscall: Syscall-related types and functionality
- util: Utility modules for lazypoline
Functions§
- bootstrap_lazypoline
- init: Initialize lazypoline with default settings
- new: Create a new interposer builder
- trace: Shorthand for setting up a simple syscall tracer
Attribute Macros§
- syscall_enum: Generate a syscall enum from the system’s syscall table
- syscall_handler: Define a syscall handler function