WSL(Windows Subsystem for Linux) hooking?

c++ / delphi package - dll injection and api hooking

Post by chaos072 » Fri Feb 14, 2020 7:54 am

Hi

Can I hook the file I/O APIs in WSL(Windows Subsystem for Linux)?

For example, when Ubuntu is installed on Windows 10 and the "ls" command is issued, I'd like to hook the file I/O APIs.

According to MSDN, the system calls on Linux are converted to the native Windows API by the lxss.sys and lxcore.sys drivers.

Is it possible with madCodeHook?

Thanks.
chaos072

Re: WSL(Windows Subsystem for Linux) hooking?

Post by madshi » Fri Feb 14, 2020 9:05 am

If the Linux subsystem converts to native win32 APIs then yes, madCodeHook should be able to hook that, as well. That is, if DLL injection into the WSL works at all. But I assume it would. Never actually tested that, though.

Does the Linux subsystem support printing, and is that converted to Windows printers, as well? If so, you could check if this print monitor demo works to capture WSL printing, for example:

http://madshi.net/PrintMonitor.zip

(Please note that this demo is only signed with a conventional certificate, but not with an EV certificate, which means it might not support Windows 10 Secure Boot. So you may have to test on a VM with disabled Secure Boot to successfully run this demo.)
madshi
Site Admin
