One of Windows' strengths has been that such interposition can be done
for any API that is implemented in a DLL, not just the kernel/syscall
interface. (There have been papers about syscall interposition for UNIXes
that worked just on the syscall interface, not for any other.)
Therefore, typically, in Windows a whole slew of different modules
come together in the form of DLLs. Sometimes a module is implemented
by something resembling an OS kernel or device driver - i.e. a shared
library interface that is implemented in a different privilege domain.
Sometimes a module is implemented by message passing or remote
procedure call - marshalling its arguments and sending them to a different
process, perhaps a different computer system. Sometimes a module is just
an ordinary library.
The nice thing about interposition is that you can intercept any such DLL
level API. It's frequently used for profiling.
Doing interposition just for the kernel would be insufficient, although it might
answer the network batch programs' needs - such as Werber's for GNU QUEUE.
There are any number of binary editing tools for UNIXes out there.
Probably at least one of them runs on LINUX. Unfortunately, most
of the ones I know are a bit too low level, but maybe not all are like that.
So, therefore: I don't think that it is appropriate to add such an interposition API
to the LINUX kernel. It is better done at a higher level - in the dynamic link
tools, but also, perhaps, through binary editing on running programs.
It should be noted that API editing is a very specific form of binary editing
- if APIs are first class, and all calls go through interface tables, then
it corresponds solely to changing the interface tables, and involves none
of the complexities of actually editing the call sites (finding free registers,
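
The interface-table interposition described in the message above, as an added example that is not part of the original post: a profiling interposer that only rewrites table slots, plus a check that reports when the table no longer points at the known-good implementations. The `str_api` table and every function name here are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical first-class API: every call goes through this table. */
struct str_api {
    size_t (*length)(const char *s);
    int    (*compare)(const char *a, const char *b);
};

static size_t real_length(const char *s) { return strlen(s); }
static int real_compare(const char *a, const char *b) { return strcmp(a, b); }

/* The live interface table that call sites dereference. */
static struct str_api api = { real_length, real_compare };

/* Interposer state: saved original slots and per-slot call counters. */
static struct str_api saved;
static unsigned long calls_length, calls_compare;

static size_t prof_length(const char *s) { calls_length++; return saved.length(s); }
static int prof_compare(const char *a, const char *b) { calls_compare++; return saved.compare(a, b); }

/* Install: remember the originals, then overwrite only the table slots. */
void interpose_install(void) {
    saved = api;
    api.length = prof_length;
    api.compare = prof_compare;
}

/* Remove: restore the saved slots; no call site is touched either way. */
void interpose_remove(void) { api = saved; }

/* Integrity check: nonzero if any slot differs from the known-good target. */
int table_is_hooked(void) {
    return api.length != real_length || api.compare != real_compare;
}

/* Unmodified "application" call site: 5 for "queue" plus 1 for the match. */
int client_work(void) {
    return (int)api.length("queue") + (api.compare("a", "a") == 0);
}

unsigned long profiled_length_calls(void) { return calls_length; }
unsigned long profiled_compare_calls(void) { return calls_compare; }

int main(void) {
    interpose_install();
    printf("result=%d hooked=%d\n", client_work(), table_is_hooked());
    printf("length calls=%lu\n", profiled_length_calls());
    return 0;
}
```

The same property that makes the table easy to profile makes it worth monitoring: any code able to write the slots can redirect every caller, which is why `table_is_hooked` compares against the known-good targets.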