Menu
I know that you can trap a system call by using ptrace. But what I wanna do is to ignore a system call. So is that possible for ptrace to trap a system call, see its number and if the number is of a system call that has to be ignored, the ptrace stops the system call from proceeding or have the system call return immediately.
The point is that we should have the effect of having the application ignore particular system calls by using ptrace.
216
System calls can be interrupted by any signal, this includes such signals as SIGINT (generated by CTRL-C), SIGHUP, etc.
Intercepting a system call means that you want a function of your own to be called instead of the kernel function implementing a given system call everytime the latter in invoked.
System call provides the services of the operating system to the user programs via Application Program Interface(API). It provides an interface between a process and operating system to allow user-level processes to request services of the operating system.
The kernel allows a thread to be preempted by a more favored thread, even when a system call is executing. This capability provides better system responsiveness for large multi-user systems. Because system calls can be preempted, access to global data must be serialized.
You can try PTRACE_GETREGS and PTRACE_SETREGS.
If you change eip to be after the system call, and eax to make the return value valid, the call may be skipped.
But I didn't try it, and wouldn't be surprised if it didn't work.
125
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
