Hooking a system call.
V.Ravikumar
ravikumar.vallabhu at gmail.com
Mon Mar 26 04:14:18 EDT 2012
On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa
<mulyadi.santosa at gmail.com>wrote:
> Hi...
>
> On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <ravikumar.vallabhu at gmail.com>
> wrote:
> > As part of auditing purpose I need to intercept/hook open/read/write
> system
> > calls.
> >
> > As I was lack of knowledge into kernel development.Could somebody help me
> > out here ?
> > I'm working on RHEL-5 machine with Linux kernel version 2.6.18
> > Thanks & Regards,
> > Ravi
>
> IMHO you better use SystemTap, which is based on Kprobes. It can be
> used to hook into almost every part of kernel system, with very less
> overhead.
>
> Ok I'll also look into System Tap.
But in my sample module example code for intercepting system call. how can
I make system_call_table address to writable so that one can change to
customized system call.
Thanks & Regards,
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120326/eedbb119/attachment.html
More information about the Kernelnewbies
mailing list