1 unstable release
0.1.0 | Jun 23, 2022 |
---|
#3 in #interception
475KB
11K
SLoC
syscall-intercept-rs
A Rust wrapper of pmem/syscall_intercept, a system call intercepting library on x86_64 Linux.
Usage
Install dependencies:
sudo apt install cmake libcapstone-dev
Add the following lines to your Cargo.toml:
[dependencies]
syscall-intercept = "0.1"
Define your syscall hook function:
use syscall_intercept::*;
extern "C" fn hook(
num: isize,
a0: isize,
a1: isize,
a2: isize,
a3: isize,
a4: isize,
a5: isize,
result: &mut isize,
) -> InterceptResult {
...
}
Enable or disable interception:
unsafe { set_hook_fn(hook) };
unsafe { unset_hook_fn() };
Issue syscall without being intercepted:
let ret = unsafe { syscall_no_intercept(libc::SYS_exit as _, 0) };
License
MIT License
No runtime deps
~225KB