WSL(Windows Subsystem for Linux) hooking?

c++ / delphi package - dll injection and api hooking
Post Reply
chaos072
Posts: 21
Joined: Wed Mar 20, 2013 2:22 am

WSL(Windows Subsystem for Linux) hooking?

Post by chaos072 »

Hi

Can I hook the file I/O APIs in WSL(Windows Subsystem for Linux)?

For example when Ubunbu is installed on Windows 10 and "ls" command is issued, I'd like to hook the file I/O APIs.

According to MSDN, the system calls on Linux is converted to the native Windows API by lxss.sys and lxcore.sys drivers.

Is it possible with madCodeHook?

Thanks.
madshi
Site Admin
Posts: 10342
Joined: Sun Mar 21, 2004 5:25 pm

Re: WSL(Windows Subsystem for Linux) hooking?

Post by madshi »

If the Linux subsystem converts to native win32 APIs then yes, madCodeHook should be able to hook that, as well. That is, if DLL injection into the WSL works at all. But I assume it would. Never actually tested that, though.

Does the Linux subsystem support printing, and is that converted to Windows printers, as well? If so, you could check if this print monitor demo works to capture WSL printing, for example:

http://madshi.net/PrintMonitor.zip

(Please note that this demo is only signed with a conventional certificate, but not with an EV certificate, which means it might not support Windows 10 Secure Boot. So you may have to test on a VM with disabled Secure Boot to successfully run this demo.)
Post Reply