Can I hook the file I/O APIs in WSL(Windows Subsystem for Linux)?
For example when Ubunbu is installed on Windows 10 and "ls" command is issued, I'd like to hook the file I/O APIs.
According to MSDN, the system calls on Linux is converted to the native Windows API by lxss.sys and lxcore.sys drivers.
Is it possible with madCodeHook?
Does the Linux subsystem support printing, and is that converted to Windows printers, as well? If so, you could check if this print monitor demo works to capture WSL printing, for example:
(Please note that this demo is only signed with a conventional certificate, but not with an EV certificate, which means it might not support Windows 10 Secure Boot. So you may have to test on a VM with disabled Secure Boot to successfully run this demo.)