December 22, 2019


syscall_intercept - A User Space Library for Intercepting System Calls - Krzysztof Czurylo, Intel


Talk Title: syscall_intercept - A User Space Library for Intercepting System Calls - Krzysztof Czurylo, Intel
Speakers: Krzysztof Czuryło (Senior Software Engineer, Intel)
Conference: Open Source Summit Europe
Location: Prague, Czech Republic
Date: Oct 21-27, 2017

The syscall_intercept library provides a low-level interface for hooking Linux system calls in user space. This is achieved by disassembling the code of the standard C library, looking for syscall instructions, and hot-patching the machine code in the process's memory. syscall_intercept builds on libcapstone, a multi-platform, multi-architecture disassembly framework. In this talk, we will present the motivation for creating this new tool and the reasons for choosing the libcapstone framework as a foundation for syscall_intercept. We will present an in-depth view of the syscall_intercept design and APIs, its features and limitations, and the problems we had to solve while implementing the library. We will also discuss the potential use cases for syscall_intercept in Linux software development.
