How to hook the system call?
Jonathan Neuschäfer
j.neuschaefer at gmx.net
Sun Nov 27 17:17:19 EST 2011
On Wed, Nov 23, 2011 at 04:40:14PM +0800, Geraint Yang wrote:
> Hello everyone,
>
> I am going to hook a system call like 'read' or 'send' by modifying the
> sys_call_table, but it seems that the sys_call_table is in a read-only page,
> how can I modify the sys_call_table? Or is there any method that I can
> use to hook a system call in a module without modifying the kernel source?
There's a kernel module for "advanced rickrolling" that overwrites the
open entry in the syscall table: https://github.com/fpletz/kernelroll
It does some trickery to make the page writable first.
HTH,
Jonathan Neuschäfer