This talk will cover three different methods of function hooking for Mac OSX and Linux. The talk will begin by describing useful bits of Intel64 assembly followed up with 3 different binary rewriting techniques to hook a range of different functions, including some inlined functions, too. We'll finish up with a demo of two nice things that these techniques make possible (a memory profiler and a function call tracer), and one slightly more evil thing.
Joe Damato is a systems programmer who spends his days hacking on the Ruby VM and tools for analyzing the performance characteristics of complex software systems. He maintains a blog (http://timetobleed.com) where he releases code, patches to the Ruby VM, and his thoughts on low level systems programming. He maintains memprof, a Ruby level memory profiler and added support for libdl to trace.