I want to intercept every write system call and modify the data of write syscall when the syscall is directed towards some specific file otherwise do original write syscall.
Now from where I can modify the write syscall. Also, I want the name of the file to which syscall is directed how can I get that from the file descriptor argument in write syscall.
I have tried the LD_PRELOAD trick but it only works on the library calls not on syscalls. I am using ubuntu 18.04.
I would suggest you to write own small device driver (I suggest to look at simple misc device driver). So you will have a file, where you implement the write/read/open/close syscalls. This way you can keep the file in /dev/ filesystem and you 'intercept' all operations on the file misc dev example. If you don't want to implement everything in the kernel space you can take a look to the FUSE driver (you simply mount the fuse filesystem somewhere in the fs and you can also control the file operations but from the userspace now) fuse docs or fuse example
