
How to hook all operating system calls of my own process?

I need to hijack all operating system calls of my own process. I cannot rewrite the code, as it is partly not my code (plug-ins). I need to be able to decide, within my implementation of a specific system call, whether I want to call the original implementation or not.

Operating systems will be at first Windows XP and higher versions. Later OS X 10.5 and higher will follow. Starting on Windows with 32-bit versions, later for all operating systems also 64-bit versions.

I found a lot of documentation and tools about hooking other processes, but I would hope my job is much simpler, and I would hope for some source code.

Thanks a lot in advance, Bernd.


There are many hooking libraries that will let you do this, for example Detours or madCodeHook on Windows. No doubt there are similar libraries on OSX, I just don't know them!

It's very easy to hook a routine and replace it with your own implementation. It's less easy to retain the option of running the original routine in some circumstances, and that's where using a hooking library will take the pain away for you.


On Mac OS X, you can override functions with the DYLD_INTERPOSE macro (and DYLD_INSERT_LIBRARIES, if needed). This answer has an example: Ansi C patch using dlsym compiles OK under linux but fails on Mac Os X
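As an added example, not code from either answer: a getenv hook that keeps the choice of whether to run the original implementation, using DYLD_INTERPOSE on macOS (build it as a dylib and load it with DYLD_INSERT_LIBRARIES) and dlsym(RTLD_NEXT) on ELF systems. The HOOK_DEMO_BLOCKED prefix and all hook_* names are constructed for the example.

```c
/* Added example, not from the answer above: hook getenv() inside the calling
 * process and decide per call whether the original implementation runs.
 * macOS: build as a dylib loaded via DYLD_INSERT_LIBRARIES; dyld applies the
 * __interpose tuple to every other image. ELF/Linux: the hook is exported as
 * getenv itself and reaches libc's copy through dlsym(RTLD_NEXT). */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdlib.h>
#include <string.h>
#ifndef RTLD_NEXT                      /* glibc's value, if the header hid it */
#define RTLD_NEXT ((void *)-1l)
#endif

/* Constructed policy for the demo: variables with this prefix are hidden from
 * callers, and for them the original getenv is never invoked. */
static const char *kBlockedPrefix = "HOOK_DEMO_BLOCKED";

static int hook_should_block(const char *name) {
    return name != NULL && strncmp(name, kBlockedPrefix, strlen(kBlockedPrefix)) == 0;
}

/* Shared hook body; orig is the real getenv resolved by the platform branch. */
static char *hook_getenv_impl(char *(*orig)(const char *), const char *name) {
    if (hook_should_block(name))
        return NULL;                   /* policy: skip the original entirely */
    return orig ? orig(name) : NULL;   /* otherwise pass through */
}

#ifdef __APPLE__
/* dyld interposing tuple {replacement, replacee} in section __DATA,__interpose.
 * Inside the interposing image, getenv still binds to libc, which is what lets
 * the replacement call the original. */
#define DYLD_INTERPOSE(_replacement, _replacee) \
    __attribute__((used)) static struct { const void *replacement; const void *replacee; } \
    _interpose_##_replacee __attribute__((section("__DATA,__interpose"))) = \
        { (const void *)(unsigned long)&_replacement, (const void *)(unsigned long)&_replacee };

char *hooked_getenv(const char *name) {
    return hook_getenv_impl(getenv, name);   /* direct call = libc getenv */
}
DYLD_INTERPOSE(hooked_getenv, getenv)
#else
/* ELF: a getenv defined in this image preempts libc's for every caller in the
 * process; RTLD_NEXT skips this image and returns the original. */
char *getenv(const char *name) {
    static char *(*orig)(const char *) = NULL;
    if (orig == NULL)
        orig = (char *(*)(const char *))dlsym(RTLD_NEXT, "getenv");
    return hook_getenv_impl(orig, name);
}
#endif
```

On glibc older than 2.34, link with -ldl for dlsym.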


For Windows, there is the open source alternative to Microsoft Detours called EasyHook:

  • CodePlex: EasyHook
  • Code Project: EasyHook - The reinvention of Windows API hooking