I have an executable ELF file that uses the library lib.so, and this ELF invokes the function Func1 from lib.so. I need to hook this function so it will be replaced with my function, which does something else. How can I do this without changing this executable file? Answer: Take a look at LD_PRELOAD. That environment variable can be set to an
Tag: hook
Receiving socket information from netfilter NF_INET_PRE_ROUTING hook function in Linux kernel
I wrote a netfilter hook function for incoming packets in the Linux kernel. Is there a way to get the receiving socket information from the hook function? The code is Let's assume I have a UDP socket open at port 15000 and a UDP packet arrives at port 15000. In the above written hook function how can I access the struct
Hook and block globally mouse in X11
I need to globally hook mouse clicks and block the last click if the delay between two clicks is less than was set. I wrote it for Windows using the WM_MOUSE_LL hook. I was unable to find any solution for me. Is it even possible to globally block mouse clicks in X11? Windows full code Answer: As far as I know the
Linux filesystem nesting and syscall hooking
Using the 2.6.32 Linux kernel, I need to use a specific filesystem on a block device partition and I want to hook open/write/read/close (and a few other) syscalls to read/write, in another fashion than the specific filesystem, what should be written on this partition. It would be only for this partition; other partitions using this filesystem would act as usual. Fuse
How to slow all time measurements of a process?
I’d like to make an application believe that time is going faster/slower than real time. I.e. I need to make all the time measurement APIs return t0+dt*s with user-defined s when t0+dt is real time. This would affect anything like gettimeofday() as well as timer_gettime() and all related functions and mechanisms (including actual trigger times of timers). I think of
Limiting syscall access for a Linux application
Assume a Linux binary foobar which has two different modes of operation: Mode A: A well-behaved mode in which syscalls a, b and c are used. Mode B: A things-gone-wrong mode in which syscalls a, b, c and d are used. Syscalls a, b and c are harmless, whereas syscall d is potentially dangerous and could cause instability to the