METHOD AND SYSTEM FOR FACILITATING REPLACEMENT OF SYSTEM CALLS

摘要

An example method includes modifying, prior to run time, an executable file of an application to cause an operating system loader to load additional code using a dynamically-linked library. Modifying the executable file includes determining whether the executable file includes sufficient unused space to accommodate a load command, and adding the load command to the executable file when the executable file includes sufficient unused space by: shifting, in the executable file, an existing load command that does not contain dependency information to make space for the load command; or identifying unused space outside of a data portion of the executable file that can be removed to accommodate the load command. The additional code, when executed by a processor, causes the processor to change a pointer in a table that indicates an address of an imported function implementing a system call so the pointer indicates an address of a customized function.

主权项

1. A method, comprising:
modifying, prior to run time, an executable file of an application to cause an operating system loader to load additional code using a dynamically-linked library, wherein modifying the executable file comprises:
determining whether the executable file includes sufficient unused space to accommodate a load command; andadding the load command to the executable file when the executable file includes sufficient unused space by: shifting, in the executable file, an existing load command that does not contain dependency information to make space for the load command; or identifying unused space outside of a data portion of the executable file that can be removed to accommodate the load command; wherein the additional code, when executed by a processor, causes the processor to change a pointer in a table that indicates an address of an imported function implementing a system call so that the pointer indicates an address of a customized function.