View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

Interception

kwinject intercepts process creation requests, then tries to match the name of the created program against the list of known compilers (see the -P option for kwinject). If a match is found, the command line is passed through the option filter, and written into an output file. Then the originally requested process is created. If no match was found, the process creation request is passed directly to the system.

How kwinject captures executed processes depends on the target platform.

On Unix, kwinject sets up the LD_PRELOAD environmental variable to point to an interception library before starting the user process. After the user command line has been started, the kwinject main module opens a local socket and starts listening for events. Every time a program calls a function that is part of a dynamically linked library, the system dynamic linker/loader first looks it up in preloaded libraries, then in other places. The kwinject preloaded library redefines a number of system calls (execv, execvp and execve), so that each time a program tries to execute a new process, a function from the preloaded library momentarily takes control over the application. Redefined system functions report the executed command line to the main kwinject module through a socket, and then call the original system function.

On Windows, kwinject starts the user process in debug mode and listens to CREATE_PROCESS debug events. There's no need to maintain a separate interception module or some interprocess communication channel, because information about new processes is passed to kwinject directly by the system. Essentially, kwinject on Windows works as a simplified debugger. As soon as a new CREATE_PROCESS event is received, kwinject inspects the process address space to capture some information (like the current working directory, the command line and environment variables).

Parent topic: How kwinject works
Next topic: Filtering

© Rogue Wave Software, Inc. All rights reserved. | Contact