Hooking a system call.
Mulyadi Santosa
mulyadi.santosa at gmail.com
Mon Mar 26 03:48:54 EDT 2012
Hi...
On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <ravikumar.vallabhu at gmail.com> wrote:
> For auditing purposes, I need to intercept/hook the open/read/write system
> calls.
>
> As I lack knowledge of kernel development, could somebody help me
> out here?
> I'm working on RHEL-5 machine with Linux kernel version 2.6.18
> Thanks & Regards,
> Ravi
IMHO you had better use SystemTap, which is based on Kprobes. It can be
used to hook into almost every part of the kernel, with very little
overhead.
--
regards,
Mulyadi Santosa
Freelance Linux trainer and consultant
blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
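
The SystemTap approach suggested above, sketched as an added example that is not part of the original message: a script that logs every open() with the caller's identity and summarises read/write volume per process. It assumes SystemTap and the matching kernel debuginfo packages are installed and that it is run as root; the output format and the 10-second reporting interval are choices made for this example.

```systemtap
#!/usr/bin/stap
# Added example, not from the original thread.
# Audits open/read/write through the syscall tapset (Kprobes underneath).

global rbytes, wbytes   # statistics aggregates keyed by [execname, pid]

# Log each open() attempt: time, user, process and the formatted arguments.
probe syscall.open {
    printf("%s uid=%d pid=%d (%s) open(%s)\n",
           ctime(gettimeofday_s()), uid(), pid(), execname(), argstr)
}

# Log failed opens as well; denied or missing files matter in an audit trail.
probe syscall.open.return {
    if ($return < 0)
        printf("%s uid=%d pid=%d (%s) open failed: %s\n",
               ctime(gettimeofday_s()), uid(), pid(), execname(), retstr)
}

# Per-call logging of read/write is far too noisy, so only the number of
# bytes actually transferred is accumulated per process.
probe syscall.read.return {
    if ($return > 0)
        rbytes[execname(), pid()] <<< $return
}

probe syscall.write.return {
    if ($return > 0)
        wbytes[execname(), pid()] <<< $return
}

# Every 10 seconds print a summary and start a new accounting window.
probe timer.s(10) {
    printf("---- I/O summary at %s ----\n", ctime(gettimeofday_s()))
    foreach ([exe, p] in rbytes)
        printf("read  %-16s pid=%-6d calls=%d bytes=%d\n",
               exe, p, @count(rbytes[exe, p]), @sum(rbytes[exe, p]))
    foreach ([exe, p] in wbytes)
        printf("write %-16s pid=%-6d calls=%d bytes=%d\n",
               exe, p, @count(wbytes[exe, p]), @sum(wbytes[exe, p]))
    delete rbytes
    delete wbytes
}
```

Run it with `stap` followed by the script file name and stop it with Ctrl-C; redirect the output to a file if the log needs to be kept.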