
Problem description

I have a problem, maybe you have some information about this. I want to hook the socket receive function (recv) in a running process and modify the incoming data. As far as I know, I can do this using a kernel module, but I can't find information about how to do such a hook.

I tried to go other ways like Netfilter, iptables, but these ways are too slow.

Recommended answer

Be aware that there are several different syscalls which could be used - not just recv().

Assuming the application in question does its kernel interaction via the C library (instead of crafting syscalls by hand), and that you can restart it to set up the test, a fairly straightforward idea could be to use the LD_PRELOAD environment variable to first load a custom library which replaces the syscall wrappers of interest with intercepting ones.

Or you could set up syscall interception the way strace does, and monkey with the ones of interest.

Another option is to not let the application connect directly to the remote system, but instead create a proxy, have it connect to the proxy, and have the proxy connect to the remote system. A major advantage of this is that it's quite portable, requiring little in the way of platform specific details.
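A minimal LD_PRELOAD interposer for recv() along the lines the answer describes, as an added example (not code from the original question or answer). It assumes Linux/glibc and forwards to the kernel through the recvfrom syscall instead of dlsym(RTLD_NEXT); the upper-casing rewrite and the recv_shim_* counters are placeholders for whatever inspection or test rewrite you actually need.

```c
/* recv_shim.c: LD_PRELOAD interposer for recv(2). Added example, assumes Linux/glibc.
 * Build: cc -shared -fPIC -o librecvshim.so recv_shim.c
 * Run:   LD_PRELOAD=./librecvshim.so ./target_program
 * As the answer notes, a real shim must also cover recvfrom(), recvmsg() and read(),
 * and it only works when the target goes through the C library wrappers. */
#define _GNU_SOURCE
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Counters kept by the shim so a test harness can check what was intercepted. */
static unsigned long shim_calls = 0;
static unsigned long shim_bytes = 0;

unsigned long recv_shim_calls(void) { return shim_calls; }
unsigned long recv_shim_bytes(void) { return shim_bytes; }

/* The "modify incoming data" step. Deliberately trivial here: ASCII letters are
 * upper-cased in place. Returns the (possibly changed) length of the buffer. */
ssize_t recv_shim_rewrite(char *buf, ssize_t n) {
    for (ssize_t i = 0; i < n; i++)
        buf[i] = (char)toupper((unsigned char)buf[i]);
    return n;
}

/* This recv() shadows libc's because a preloaded library is searched first.
 * The real work is forwarded to the kernel via the recvfrom syscall, which is
 * what libc's recv() does anyway, so no dlsym(RTLD_NEXT) lookup is needed.
 * Return value and errno behave exactly like the libc wrapper on error. */
ssize_t recv(int sockfd, void *buf, size_t len, int flags) {
    ssize_t n = syscall(SYS_recvfrom, sockfd, buf, len, flags, NULL, NULL);
    if (n > 0) {
        shim_calls++;
        shim_bytes += (unsigned long)n;
        fprintf(stderr, "[recv-shim] fd=%d got %zd bytes\n", sockfd, n);
        n = recv_shim_rewrite((char *)buf, n);
    }
    return n;
}
```

Any process started with the LD_PRELOAD line above will have every recv() call logged and its payload passed through recv_shim_rewrite() before the application sees it.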
