Hello there!
I want to reroute system calls made from a child process X to a custom handler, which than returns to the app like it would have, had the call actually gone to the kernel. Ideally, everything should take place in user space and without root rights.
On Linux, I can do this via the ptrace call, but the implementation on macOS looks a little bit limited for me.
My research so far:
- Mach has it's own call "
", which would have been perfect, had Apple actually implemented it, it allows rewriting the system call table to a custom method. Source: https://stackoverflow.com/questions/39909283/catch-system-calls-on-mac-os-xtask_set_emulation
- Interesting read: http://uninformed.org/index.cgi?v=4&a=3&p=14
Can anybody give me some pointers on how to intercept and reroute system calls on macOS?
Thanks in advance,
thejack
PS: https://stackoverflow.com/questions/61144869/replace-syscall-in-userspace-in-various-operating-systems, same question, same author, but sadly, no solution