Re: How to hook the system call?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Wed, Nov 23, 2011 at 11:22 AM, Alexandru Juncu <alex.juncu@xxxxxxxxxx> wrote:
> On Wed, Nov 23, 2011 at 10:40 AM, Geraint Yang <geraint0923@xxxxxxxxx> wrote:
>> Hello everyone,
>>
>> I am going to hook a system call like 'read' or 'send' by modifying the
>> sys_call_table, but it seems that the sys_call_table is in read only page,
>> how can I set modify the sys_call_table ? Or if there any method that I can
>> use to hook a system call in module without modify the kernel source?
>>
>> Thanks!
>
> On a 2.6.35 kernel, it worked for me just by changing an entry in the
> sys_call_table, within a kernel module.  Something like this:

Alex,
I am pretty sure that you are using a hacked version of 2.6.35.

Geraint,
In order to be able to hook a syscall you must do the following:

1. export syscall_table in arch/x86/kernel/i386_ksyms_32.c

extern void* sys_call_table[];
EXPORT_SYMBOL(sys_call_table);

2. make sys_call_table writebale. In arch/x86/kernel/entry_32.S
you must have:

.section .data,"a"
#include "syscall_table_32.S"

thanks,
Daniel.

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies



[Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Networking]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]

Add to Google Powered by Linux