Re: Control an applications file system calls
- Subject: Re: Control an applications file system calls
- From: Quinn <email@hidden>
- Date: Wed, 24 Nov 2004 16:18:04 +0000
At 8:13 +0100 16/11/04, email@hidden wrote:
> I would like to be able to launch ANY GIVEN application and gain full
> control over its file system calls (read, write, open, close, etc)
>
> Notes:
> 1) I have NO control over the building of the application I want to
> intercept.....
> 2) I have seen such an implementation which involves replacing the
> entire "mach_kernel", I'd prefer not going down that path.

A wise move.

> (a kernel extension is OK)

You should be able to do this entirely from within user space, and
I'd definitely recommend that rather than trying to hack around
inside the kernel. I can think of two approaches that might work.
1. debug it -- You could do something similar to what GDB does, that
is, run the process as your child and set 'breakpoints' on each of
the system calls of interest. This wouldn't work for statically
linked binaries, but that's not something that we support on Mac OS X
anyway (except for dyld itself, of course).
2. VMM -- A much scarier prospect is to run the target process under
Mac OS X's virtual machine monitor (VMM) support. This allows you to
redirect all system calls (while the target process is in monitored
mode) to the monitor, which is running within the same process.
Scary stuff, and totally undocumented.
If I was doing this I'd probably choose option 1.
S+E
--
Quinn "The Eskimo!" <http://www.apple.com/developer/>
Apple Developer Technical Support * Networking, Communications, Hardware