a quick open/close/ioctl/read/write/free function hooker

ldpreloadhook

a quick open/close/ioctl/read/write/free symbol hooker

Usage:

  1. Compile:
      $ gcc -fPIC -c -o hook.o hook.c
      $ gcc -shared -o hook.so hook.o -ldl
  2. Preload the library and run the command you want to hook:
      LD_PRELOAD="./hook.so" command

Optionally, to spy on a specific file, set the environment variable SPYFILE to its path, for example /dev/serio_raw0:

      LD_PRELOAD="./hook.so" SPYFILE="/dev/serio_raw0" command

All data read from this file will be saved in /tmp/read_data.bin.

All data written to this file will be saved in /tmp/write_data.bin.

Optionally, to have a delimiter written to the read/write data files each time the file is opened, set the environment variable DELIMITER:

      LD_PRELOAD="./hook.so" SPYFILE="/dev/serio_raw0" DELIMITER="---" command

You can also spy on free() calls by setting the environment variable SPYFREE. This prints the contents of every buffer before it is free()d:

      LD_PRELOAD="./hook.so" SPYFREE=1 command
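
LD_PRELOAD only takes effect when the dynamic loader honours it: statically linked binaries never run the loader, and setuid programs restrict preloading, so an empty capture file may just mean the hook was never loaded. The script below is an added example, not part of ldpreloadhook; it reports whether hook.so was requested and whether it is actually mapped, reading data in the format of /proc/PID/environ and /proc/PID/maps. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of ldpreloadhook): report whether a preload library
# was requested via LD_PRELOAD and whether it is actually mapped.
# Usage: hook_status ENVIRON_FILE MAPS_FILE [LIBRARY_BASENAME]
hook_status() {
    env_file=$1; maps_file=$2; lib=${3:-hook.so}
    requested=no; mapped=no
    # environ is NUL-separated; LD_PRELOAD entries are separated by spaces or colons.
    for entry in $(tr '\0' '\n' < "$env_file" | sed -n 's/^LD_PRELOAD=//p' | tr ' :' '\n\n'); do
        if [ "${entry##*/}" = "$lib" ]; then requested=yes; fi
    done
    # Field 6 of each maps line is the file backing that mapping.
    if awk -v lib="$lib" '{ n = split($6, p, "/"); if (n && p[n] == lib) found = 1 }
                          END { exit !found }' "$maps_file"; then
        mapped=yes
    fi
    echo "requested=$requested mapped=$mapped"
}

# Convenience wrapper for a live process (needs permission to read its /proc entries).
hook_status_pid() { hook_status "/proc/$1/environ" "/proc/$1/maps" "${2:-hook.so}"; }

# Constructed sample data standing in for /proc/PID/environ and /proc/PID/maps.
make_sample() {
    printf 'PATH=/usr/bin\0LD_PRELOAD=./hook.so\0SPYFILE=/dev/serio_raw0\0' > "$1/environ"
    printf '%s\n' \
        '55d0c0000000-55d0c0002000 r-xp 00000000 08:01 1001 /usr/bin/cat' \
        '7f10a0000000-7f10a0003000 r-xp 00000000 08:01 2002 /home/user/hook.so' > "$1/maps_hooked"
    printf '%s\n' \
        '00400000-004b0000 r-xp 00000000 08:01 3003 /usr/local/bin/static-tool' > "$1/maps_static"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
hook_status "$sample_dir/environ" "$sample_dir/maps_hooked"   # hook requested and mapped
hook_status "$sample_dir/environ" "$sample_dir/maps_static"   # requested but never mapped
```

For a running process, call `hook_status_pid PID`. A result of `requested=yes mapped=no` means the command ran without the hook.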