Abstract
System calls are selectively intercepted by processes. Processes selected to intercept system calls are loaded by a modified loader program which creates an association between the process and a system call wrapper. Pointers in the interrupt vector table to system calls to be intercepted are replaced with pointers to an interception module in operating system address space. When system calls are made, the interception module executes and determines whether the process that made the system call is a selected process, associated with a system call wrapper. If the process is a selected process, the system call wrapper executes. If the process is not a selected process, the system call is made. In one embodiment, system call wrappers execute in the process address space of selected processes. In another embodiment, system call wrappers execute in user address space, but not in the process address space of any specific processes. In yet another embodiment, system call wrappers execute in operating system address space.
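The dispatch path described in the abstract, as an added user-space model in C; it is not code from the patent. The table layout, function names, process IDs and the `deny_write` policy are assumptions made for illustration, and `real_call` is a constructed stand-in for real system calls.

```c
#include <stdio.h>

enum { SYS_OPEN, SYS_READ, SYS_WRITE, NSYS };   /* model syscall numbers */
#define MAXSEL 8

typedef long (*sys_fn)(int pid, int nr, long arg);
typedef long (*wrap_fn)(int pid, int nr, long arg, sys_fn real);

/* Constructed stand-in for a real system call: returns 100*(nr+1)+arg. */
static long real_call(int pid, int nr, long arg) { (void)pid; return 100L * (nr + 1) + arg; }

static sys_fn vector[NSYS] = { real_call, real_call, real_call };
static sys_fn saved[NSYS];                      /* originals, for pass-through */
static struct { int pid; wrap_fn w; } assoc[MAXSEL];  /* written by the loader */
static int nassoc, wrapped_calls;

/* Modified loader: associate a selected process with its wrapper. */
int loader_select(int pid, wrap_fn w) {
    if (nassoc == MAXSEL) return -1;
    assoc[nassoc].pid = pid; assoc[nassoc].w = w; nassoc++;
    return 0;
}

/* Interception module: run the wrapper only for selected processes. */
static long intercept(int pid, int nr, long arg) {
    for (int i = 0; i < nassoc; i++)
        if (assoc[i].pid == pid) { wrapped_calls++; return assoc[i].w(pid, nr, arg, saved[nr]); }
    return saved[nr](pid, nr, arg);             /* not selected: make the call */
}

/* Replace one vector-table pointer, keeping the original (idempotent). */
int hook(int nr) {
    if (nr < 0 || nr >= NSYS) return -1;
    if (vector[nr] != intercept) { saved[nr] = vector[nr]; vector[nr] = intercept; }
    return 0;
}

long do_syscall(int pid, int nr, long arg) {
    return (nr < 0 || nr >= NSYS) ? -1 : vector[nr](pid, nr, arg);
}

/* Example wrapper policy (hypothetical): deny writes, pass the rest through. */
long deny_write(int pid, int nr, long arg, sys_fn real) {
    return nr == SYS_WRITE ? -1 : real(pid, nr, arg);
}

int main(void) {
    hook(SYS_OPEN); hook(SYS_WRITE); loader_select(42, deny_write);
    printf("%ld %ld\n", do_syscall(42, SYS_WRITE, 5), do_syscall(7, SYS_WRITE, 5));
    return 0;
}
```

Only the hooked entries pay the lookup cost, and a call from a process with no association reaches the saved original pointer unchanged.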