How to hook all operating system calls of my own process?

半城伤御伤魂 submitted on 2019-12-07 13:13:22

Question


I need to hijack all operating system calls of my own process. I cannot rewrite code as it is partly not my code (plug-ins). I need to be able to decide within my implementation of a specific system call, if I want to call the original implementation or not.

Operating systems will be at first Windows XP and higher versions. Later OS X 10.5 and higher will follow. Starting on Windows with 32-bit versions, later for all operating systems also 64-bit versions.

I found a lot of documentation and tools about hooking other processes but I would hope my job is much simpler and I would hope for some source code.

Thanks a lot in advance, Bernd.


Answer 1:


There are many hooking libraries that will let you do this, for example Detours or madCodeHook on Windows. No doubt there are similar libraries on OSX, I just don't know them!

It's very easy to hook a routine and replace it with your own implementation. It's less easy to retain the option of running the original routine in some circumstances, and that's where using a hooking library will take the pain away for you.




Answer 2:


On Mac OS X, you can override functions with the DYLD_INTERPOSE macro (and DYLD_INSERT_LIBRARIES, if needed). This answer has an example: Ansi C patch using dlsym compiles OK under linux but fails on Mac Os X
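
An added example, not part of the answers on this page or of any hooking library: a DYLD_INTERPOSE replacement for open() that decides on each call whether to forward to the original, the case the first answer describes as less easy. The names `hooked_open`, `policy_allows` and the deny prefix are hypothetical; on macOS the file is assumed to be built as a dylib and loaded into the process (via DYLD_INSERT_LIBRARIES if needed), and elsewhere the interpose tuple is compiled out so the function can still be called directly.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical policy: plug-in code may not open anything under this prefix. */
static const char DENY_PREFIX[] = "/private/secrets/";

/* Returns 1 when the call may be forwarded to the original open(). */
static int policy_allows(const char *path)
{
    return path == NULL ||
           strncmp(path, DENY_PREFIX, sizeof DENY_PREFIX - 1) != 0;
}

/* Replacement with the same variadic signature as open(2). */
int hooked_open(const char *path, int flags, ...)
{
    int mode = 0;
    if (flags & O_CREAT) {            /* a mode argument exists only with O_CREAT */
        va_list ap;
        va_start(ap, flags);
        mode = va_arg(ap, int);       /* mode_t arrives promoted to int */
        va_end(ap);
    }
    if (!policy_allows(path)) {
        errno = EACCES;               /* refuse without running the original */
        return -1;
    }
    /* dyld does not apply the tuple to the interposing image itself,
       so this call reaches the original open(). */
    return open(path, flags, mode);
}

#ifdef __APPLE__
/* Same layout as the DYLD_INTERPOSE macro in dyld's dyld-interposing.h. */
#define DYLD_INTERPOSE(_replacement, _replacee) \
    __attribute__((used)) static struct { const void *replacement; const void *replacee; } \
    _interpose_##_replacee __attribute__((section("__DATA,__interpose"))) = \
    { (const void *)(unsigned long)&_replacement, (const void *)(unsigned long)&_replacee };
DYLD_INTERPOSE(hooked_open, open)
#endif
```

The prefix check compares the raw string, so relative paths and symlinks need canonicalizing before a real policy decision. Interposing only covers calls bound through the dynamic symbol; code that issues the system call directly is not seen by the hook.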




Answer 3:


For Windows, there is the open source alternative to Microsoft Detours called EasyHook:

  • CodePlex: EasyHook
  • Code Project: EasyHook - The reinvention of Windows API hooking


Source: https://stackoverflow.com/questions/6090685/how-to-hook-all-operating-system-calls-of-my-own-process
