Re: How to intercept a sys call.


"Kasper Dupont"
<72993125347571397778@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:43AF0B0B.BDCAB31@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

> David Schwartz wrote:

>> However, you have to admit that it wouldn't be particularly difficult
>> to
>> resolve all of these problems and create a simple, supported way to hook
>> every system call.

> I guess the primary reason it hasn't been done is, that it
> would impose a performance penalty on *every* system call
> for no good reason.

The penalty would just be the time it takes to check a 'might_be_hooked'
flag.

>> At worst, it would require a check of a flag for system
>> calls that weren't every hooked.
>
> ?

In the system call handler, you check an array of 'might_be_hooked'
flags. If the flag is not set, meaning that function has never been hooked
or can't possibly be hooked now, you just call the function normally. The
code to hook a function first sets the 'might_be_hooked' flag.

>> The fact that this hasn't been done
>> reflects a conscious design choice to make it more difficult to do things
>> in
>> a "quick and dirty, work for me, but isn't right in principle" way.

> Who would want a change that slows down the system just to
> support poorly designed modules that only very few people
> use anyway?

The cost of checking a single almost-never-changed value in each system
call entry is nearly negligible. The fact that it doesn't even exist as a
configuration option despite demand shows that the real reason it doesn't
exist is a conscious choice not to provide this capability.

The "slows down the system" issue is just plain false. The "support
poorly designed modules" issue is the only real one.

DS


.

Relevant Pages

  • Re: Telephone # for technical support via long distance charges??
    ... > rest of the flag information does (a fact which renders this feature ... > onto this feature and it's been a god-send in many contracts. ... > charge up-front via credit card? ... I suggest that you go straight to the source...call Microsoft's main support ...
    (microsoft.public.outlook)
  • Re: Telephone # for technical support via long distance charges??
    ... > rest of the flag information does (a fact which renders this feature ... > onto this feature and it's been a god-send in many contracts. ... > charge up-front via credit card? ... I suggest that you go straight to the source...call Microsoft's main support ...
    (microsoft.public.outlook.program_vba)
  • Re: Telephone # for technical support via long distance charges??
    ... > rest of the flag information does (a fact which renders this feature ... > onto this feature and it's been a god-send in many contracts. ... > charge up-front via credit card? ... I suggest that you go straight to the source...call Microsoft's main support ...
    (microsoft.public.outlook.program_addins)
  • Re: Telephone # for technical support via long distance charges??
    ... > rest of the flag information does (a fact which renders this feature ... > onto this feature and it's been a god-send in many contracts. ... > charge up-front via credit card? ... I suggest that you go straight to the source...call Microsoft's main support ...
    (microsoft.public.outlook.thirdpartyutil)
  • Re: changevalue and newvalue
    ... Let's call it "Flag". ... newValue method for Ship_VIA displays a message indicating why ... When the form opens, the Reason will be ... method pushButton(var eventInfo Event) ...
    (comp.databases.paradox)