The syscall_intercept library provides a low-level interface for hooking Linux system calls in user space. This is achieved by disassembling the code of the standard C library, looking for syscall instructions, and hot-patching the machine code in the process's memory. syscall_intercept builds on libcapstone, a multi-platform, multi-architecture disassembly framework. In this talk, we will present the motivation for creating this new tool and the reasons for choosing the libcapstone framework as a foundation for syscall_intercept. We will present an in-depth view of the syscall_intercept design and APIs, its features and limitations, and the problems we had to solve while implementing the library. We will also discuss the potential use cases for syscall_intercept in Linux software development.
Krzysztof Czuryło is a Software Architect at Intel with over 15 years of experience in databases, networking/telecommunication and 3D graphics. For the last three years he has been mostly focused on persistent memory programming and algorithms providing effective and fail-safe usage...