
I'm trying to hook the fopen syscall in Linux using Go.

Normally I would use C for something like this (Example: https://stackoverflow.com/a/880278/5572976) but the CTF states that the solution needs to be written in Go.

I've looked at the syscall package and basically what I'm looking for is using the following in Go.

dlsym(RTLD_NEXT, "open");

EDIT: That's open, not fopen.

  • This sounds exactly like the sort of question that needs a lot more detail because I am almost sure there are better ways to get to what you *actually* want to accomplish. – Zan Lynx Nov 17 '15 at 17:39
  • @ZanLynx What I'm trying to accomplish is to hook the fopen syscall globally using LD_PRELOAD and change the output of a file with a specific name. Using libraries mixing C and Go is fine as long as the submitted code is Go. – Bjørg Henderssen Nov 17 '15 at 17:46
  • You just restated your question for the most part. The only new bit is "change the output of a file with a specific name." Seems more like a job for `inotify`. – Zan Lynx Nov 17 '15 at 17:49
  • Also you can't hook `fopen` in Go because Go does not even use the C library. When Go makes a system call it makes it directly to the operating system kernel. – Zan Lynx Nov 17 '15 at 17:49
  • Although I suppose that you could interpose `fopen` with C code and call into Go code from there. Of course then your interpose library has a Go runtime in it which can cause all kinds of problems if you load it into a program that already has a Go runtime. – Zan Lynx Nov 17 '15 at 17:52
  • I gave you an example of how I would do it in C, and while it is what I'm trying to do I'm not looking for just the solution (I would've used the C code I linked for that); I want to understand how syscall hooking would be implemented in Go. EDIT: Typed this without seeing your responses, sorry. – Bjørg Henderssen Nov 17 '15 at 18:02
  • Your question text is wrong though. Because fopen is not a syscall. – Zan Lynx Nov 17 '15 at 18:05
  • Oh, sorry. I meant **open**, not fopen. – Bjørg Henderssen Nov 17 '15 at 18:10
  • To help people who may become confused by your question, (as I have), please **consistently** correct your question; I assume it should say *open* everywhere, and not a mixture of *fopen* and *open*. Is that correct? – gbulmer Nov 17 '15 at 20:08
  • BTW, `open` as in the question you linked is not a system call either. It is a call to glibc which then makes an actual system call. – Zan Lynx Nov 17 '15 at 23:59
  • To actually monitor all file access you will need to use inotify to look at a specific file or the audit system or fanotify. Or use SystemTap or kprobe. – Zan Lynx Nov 18 '15 at 00:05

1 Answer