syscall hook demo

[w296488320]

Can you provide an annotated, detailed syscall hook demo?
In syscall-hook.md is a blank file, and can I use hook_wrap3 to do hook syscall? The code is similar to that of the one as follows.

orig_readlinkat = (typeof(orig_readlinkat))kallsyms_lookup_name("sys_readlinkat");
    if (!orig_readlinkat) {
        pr_err("runtime_kpm: failed to get sys_readlinkat address\n");
        return;
    }
    hook_err_t err = hook_wrap3((void *)orig_readlinkat, 0, new_readlinkat, 0);
    if (err) {
        pr_err("runtime_kpm: hooking readlinkat error: %d\n", err);
        return;
    }
    pr_info("runtime_kpm: readlinkat syscall hooked successfully\n");

What I don't quite understand is some difference between fp _ hook _ syscalln and hook_wrap3, better if you could write the difference in the method header file or some more notes in the demo.

[bmax121]

fp hook means replace function pointer, system-call table is a function pointer table
hook wrap is inline hook,
and fp-hook and hook-wrap both support hook function multiple times, just like xposed, so that multiple modules can hook one function at the same times

[w296488320]

Thanks again for your reply. If I can improve the document, I believe more people will learn and use apatch 。