example.c does not work

[mycastiel]

I try to intercept a few syscalls. And I decided to run example.c listed inside README to see if it works.

#include <libsyscall_intercept_hook_point.h>
#include <syscall.h>
#include <errno.h>

static int
hook(long syscall_number,
			long arg0, long arg1,
			long arg2, long arg3,
			long arg4, long arg5,
			long *result)
{
	if (syscall_number == SYS_getdents) {
		/*
		 * Prevent the application from
		 * using the getdents syscall. From
		 * the point of view of the calling
		 * process, it is as if the kernel
		 * would return the ENOTSUP error
		 * code from the syscall.
		 */
		*result = -ENOTSUP;
		return 0;
	} else {
		/*
		 * Ignore any other syscalls
		 * i.e.: pass them on to the kernel
		 * as would normally happen.
		 */
		return 1;
	}
}

static __attribute__((constructor)) void
init(void)
{
	// Set up the callback function
	intercept_hook_point = hook;
}

$ cc example.c -lsyscall_intercept -fpic -shared -o example.so
$ LD_LIBRARY_PATH=. LD_PRELOAD=example.so ls

However, ls works. It shows everything under the current directory.

I am using Ubuntu 22.04.2 LTS.

Could anyone help me with that?

[mycastiel]

And I tried to print the syscall number, and it shows that only syscall number 231 been called. It's SYS_exit_group.

Anyone knows what's going on?

[DanielLee343]

@mycastiel Hi, I face the same problem. It turns out ls does not involve getdents() syscall but rather the getdents64(), see runningstrace on ls:

...
getdents64(3, /* 162 entries */, 32768) = 7472
getdents64(3, /* 0 entries */, 32768)   = 0
...

So if you change the SYS_getdents to SYS_getdents64 in the example, then it will perfectly intercept.

cc@uc-inst-1:~/syscall_intercept/test$ LD_LIBRARY_PATH=. LD_PRELOAD=example.so ls
ls: reading directory '.': Operation not supported