Re: Hooking a system call.
On 03/26/2012 01:14 AM, V.Ravikumar wrote:
>
> On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa
> <mulyadi.santosa@xxxxxxxxx> wrote:
>
> > Hi...
> >
> > On Mon, Mar 26, 2012 at 11:45, V.Ravikumar
> > <ravikumar.vallabhu@xxxxxxxxx> wrote:
> > > For auditing purposes I need to intercept/hook open/read/write
> > > system calls.
> > >
> > > As I lack knowledge of kernel development, could somebody help
> > > me out here?
> > > I'm working on a RHEL-5 machine with Linux kernel version 2.6.18.
> > > Thanks & Regards,
> > > Ravi
> >
> > IMHO you had better use SystemTap, which is based on Kprobes. It can
> > be used to hook into almost every part of the kernel, with very
> > little overhead.
>
> OK, I'll also look into SystemTap.
>
> But in my sample module example code for intercepting a system call,
> how can I make the system_call_table address writable so that one can
> change it to a customized system call?
>
> Thanks & Regards,
> Ravi
>

You could use tracepoints,

register_trace_sys_enter
register_trace_sys_exit

as used by ftrace in kernel/trace/trace_syscalls.c

-Fredrick

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
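
An added example, not part of the thread: a SystemTap script for the auditing use case discussed above, logging open() calls and totalling read()/write() bytes per process without modifying the system call table. It assumes the stock syscall tapset (probe points syscall.open, syscall.read.return, syscall.write.return); the 10-second report interval is chosen for illustration.

```systemtap
#!/usr/bin/stap
# Added example (not from the thread): audit open/read/write with SystemTap
# probes instead of patching the system call table.

global rbytes, wbytes   # byte statistics keyed by (pid, process name)

# Log each open() with the caller's identity and the decoded arguments.
probe syscall.open {
  printf("%s pid=%d uid=%d comm=%s open(%s)\n",
         ctime(gettimeofday_s()), pid(), uid(), execname(), argstr)
}

# Count only bytes actually transferred; a negative $return is an error code.
probe syscall.read.return {
  if ($return > 0) rbytes[pid(), execname()] <<< $return
}

probe syscall.write.return {
  if ($return > 0) wbytes[pid(), execname()] <<< $return
}

# Periodic summary; the 10 s interval is an assumption for this example.
probe timer.s(10) {
  foreach ([p, comm] in rbytes)
    printf("read  pid=%d comm=%s calls=%d bytes=%d\n",
           p, comm, @count(rbytes[p, comm]), @sum(rbytes[p, comm]))
  foreach ([p, comm] in wbytes)
    printf("write pid=%d comm=%s calls=%d bytes=%d\n",
           p, comm, @count(wbytes[p, comm]), @sum(wbytes[p, comm]))
  delete rbytes
  delete wbytes
}
```

Run it as root with `stap` on the saved script; the function-based syscall probes need the kernel debuginfo package that matches the running kernel.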