Re: Hooking a system call.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]





On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> wrote:
Hi...

On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <ravikumar.vallabhu@xxxxxxxxx> wrote:
> As part of auditing purpose I need to intercept/hook open/read/write system
> calls.
>
> As I was lack of knowledge into kernel development.Could somebody help me
> out here ?
> I'm working on RHEL-5 machine with Linux kernel version 2.6.18
> Thanks & Regards,
> Ravi

IMHO you better use SystemTap, which is based on Kprobes. It can be
used to hook into almost every part of kernel system, with very less
overhead.

Ok I'll also look into System Tap.

But in my sample module example code for  intercepting system call. how can I make system_call_table address to writable so that one can change to customized system call.

Thanks & Regards,
Ravi

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies

[Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Photo]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Networking]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]

Add to Google Powered by Linux