zpoline

High-Performance Linux System Call Hook Without Kernel Changes

Product Description
zpoline is a system call hook for Linux that is 100 times faster than ptrace and guarantees comprehensive system call interception without modifying the kernel or the code of user-space programs. It uses in-memory binary rewriting rather than altering program binaries, which makes it more reliable than conventional methods. Designed for x86-64, zpoline relies on libopcodes from binutils and uses trampoline code at virtual address 0 to replace syscall instructions. Setup is straightforward: zpoline is loaded with LD_PRELOAD, and custom hook functions can be integrated for efficient system call monitoring, as illustrated in the provided examples.
Project Details