Common System Call Hooks

For the sake of being thorough, Table 2-1 outlines some of the most common system call hooks.

Table 2-1. Common System Call Hooks

System Call                      Purpose of Hook
read, readv, pread, preadv       Logging input
write, writev, pwrite, pwritev   Logging output
open                             Hiding file contents
unlink                           Preventing file removal
chdir                            Preventing directory traversal
chmod                            Preventing file mode modification
chown                            Preventing ownership change
kill                             Preventing signal sending
ioctl                            Manipulating ioctl requests
execve                           Redirecting file execution
rename                           Preventing file renaming
rmdir                            Preventing directory removal
stat, lstat                      Hiding file status
getdirentries                    Hiding files
truncate                         Preventing file truncating or extending
kldload                          Preventing module loading
kldunload                        Preventing module unloading

Now let's ...
