Skip to content

hc0d3r/spyderhook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
lib
lib
 
 
src
src
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
license.txt
license.txt
 
 

Repository files navigation

Spyderhook

System call hooking library.

Compile

make [target] [options]

Target list:

target description
default (no target defined) Build the library (dynamic and static)
all Build the library (dynamic and static)
install install the library
uninstall Delete files installed by "install" target
clean Delete files generated by "default/all" target

Option list:

option description
PREFIX set prefix to install/uninstall files (default: /usr)
CFLAGS set compiler flags
LDFLAGS set linker flags

Compiling and install

$ make all
$ sudo make install

Linking

$ gcc mysource.c -lspyderhook -o dynamic-linked
$ gcc mysource.c -l:libspyderhook.a -o static-linked

Remove

$ sudo make uninstall

Example

here is a simple fakeroot program:

#include <spyderhook.h>
#include <sys/syscall.h>
#include <sys/ptrace.h>
#include <stdio.h>

int fakeroot(pidinfo_t *info, unsigned long nr, __attribute__((unused)) void *data){
    unsigned long second_parameter;

    switch(nr){
        case SYS_getuid:
        case SYS_geteuid:
        case SYS_getgid:
        case SYS_getegid:
            /* change the return register */
            sh_setreg(info->pid, SH_SYSCALL_RESULT, 0);
            break;

        case SYS_getgroups:
            /* getgroups(len, ptr) */
            sh_setreg(info->pid, SH_SYSCALL_RESULT, 1);
            second_parameter = sh_getreg(info->pid, SH_SECOND_ARG);
            if(second_parameter){
                ptrace(PTRACE_POKETEXT, info->pid, second_parameter, 0);
            }
            break;
    }

    return SH_CONTINUE;
}

int main(int argc, char **argv, char **envp){
    if(argc < 2){
        printf("fakeroot [filename] [args ...]\n");
        return 0;
    }

    int err;

    spyderhook_t *sh = sh_init();

    sh_setopt(sh, SHOPT_FILENAME, argv[1]);
    sh_setopt(sh, SHOPT_ARGV, argv+1);
    sh_setopt(sh, SHOPT_ENVP, envp);
    sh_setopt(sh, SHOPT_RESULT_CALLBACK, fakeroot);

    err = sh_mainloop(sh);
    if(err != SH_SUCCESS){
        printf("error => %d | %s\n", err, sh_strerror(err));
    }

    sh_free(sh);
    return 0;
}

testing:

$ id
uid=1000(nobody) gid=1000(nobody) groups=1000(nobody),998(wheel)
$ gcc fakeroot.c -o fakeroot -lspyderhook
$ ./fakeroot /bin/id
uid=0(root) gid=0(root) grupos=0(root)

Documentation

Someday ...

Contributing

You can help with code, or donating money. There is not a specific code style to follow, just 4 spaces for indentation.

paypal:

btc: 1PpbrY6j1HNPF7fS2LhG9SF2wtyK98GSwq

About

system call hooking library.

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages