I'd like to instrument syscall brk (and other calls but this in first order, it's most important to me) in given binary (preferably on actual syscall/sysenter lev
Yeah, I don't think you want valgrind for this.
You can use LD_PRELOAD or linker tricks to capture brk(2): see these other discussions:
Function interposition in Linux without dlsym
Overriding 'malloc' using the LD_PRELOAD mechanism
Code might look like this:
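```c
#define _GNU_SOURCE   /* needed for RTLD_NEXT */
#include <dlfcn.h>
#include <stdio.h>

/* prototype int brk(void *addr); */
static int (*real_brk)(void *addr) = NULL;

int brk(void *addr) {
    /* look up the next definition of brk in search order (libc's) */
    real_brk = dlsym(RTLD_NEXT, "brk");
    if (real_brk == NULL) {
        fprintf(stderr, "error mapping brk: %s\n", dlerror());
        return -1;
    }
    printf("calling brk(2) for %p\n", addr);
    /* forward the call to the real implementation */
    return real_brk(addr);
}
```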
and then LD_PRELOAD that to intercept brk(2)
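An added example, not part of the original answer: the same interposer with a self-check that shows which break changes a symbol-level hook sees. It goes beyond the answer's code by probing `sbrk()` and a raw `SYS_brk` call too; it assumes Linux with glibc, and `brk_hook_calls` and `probe_coverage` are illustrative names.

```c
/* Added example; assumes Linux with glibc. Helper names are illustrative. */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef RTLD_NEXT                  /* hidden if _GNU_SOURCE was not seen first */
#define RTLD_NEXT ((void *) -1L)   /* glibc's value */
#endif

static int (*real_brk)(void *) = NULL;
static long brk_hook_calls = 0;    /* calls that actually reached the hook */

int brk(void *addr)
{
    char line[64];
    int n;
    if (real_brk == NULL) {        /* resolve libc's brk once */
        real_brk = (int (*)(void *)) dlsym(RTLD_NEXT, "brk");
        if (real_brk == NULL)
            return -1;
    }
    brk_hook_calls++;
    /* Format on the stack and write(2) directly: buffered stdio may call
       malloc(), which can itself move the break being observed. */
    n = snprintf(line, sizeof line, "hook: brk(%p)\n", addr);
    if (n > 0 && (size_t) n < sizeof line)
        if (write(STDERR_FILENO, line, (size_t) n) < 0) { /* best effort */ }
    return real_brk(addr);
}

/* Bitmask of probes the hook observed:
   1 = brk() by symbol, 2 = sbrk(), 4 = raw SYS_brk. */
int probe_coverage(void)
{
    int seen = 0;
    long base = brk_hook_calls;
    void *p;
    if (brk(sbrk(0)) == 0 && brk_hook_calls > base)
        seen |= 1;
    base = brk_hook_calls;
    p = sbrk(4096);                /* libc reaches the kernel internally */
    if (p != (void *) -1) p = sbrk(-4096);
    if (brk_hook_calls > base) seen |= 2;
    base = brk_hook_calls;
    if (syscall(SYS_brk, 0) != -1 && brk_hook_calls > base) seen |= 4;
    return seen;
}
```

On glibc `probe_coverage()` returns 1: only the call made through the `brk` symbol reaches the hook, while `sbrk()` and direct system calls pass it by, so syscall-level coverage needs a tracer such as `strace -e trace=brk`.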