Hooking a system call.

V.Ravikumar ravikumar.vallabhu at gmail.com
Tue Mar 27 23:46:34 EDT 2012


On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa
<mulyadi.santosa at gmail.com>wrote:

> Hi...
>
> On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <ravikumar.vallabhu at gmail.com>
> wrote:
> > For auditing purposes I need to intercept/hook the open/read/write system
> > calls.
> >
> > As I lack knowledge of kernel development, could somebody help me
> > out here?
> > I'm working on RHEL-5 machine with Linux kernel version 2.6.18
> > Thanks & Regards,
> > Ravi
>
> IMHO you better use SystemTap, which is based on Kprobes. It can be
> used to hook into almost every part of the kernel system, with very little
> overhead.
>
>
Yes, SystemTap is one of the elegant ways to hook system calls.

But I need help with one thing while hooking the write system call. I need to
print the file name as well, but the file name is not passed to the write system
call. How can I get the file for the write (or sys_write) system call?
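The shape of SystemTap script this question is asking for, added here as an example (it is not from the thread, and not part of the SystemTap project's own examples): it probes syscall.write, resolves the file descriptor in the calling task back to a struct file and then to a full path, and keeps a per-path byte count for the audit summary. It assumes a SystemTap whose task/dentry tapsets provide task_current(), task_fd_lookup() and fullpath_struct_file(); these are newer than the SystemTap that shipped for RHEL-5 / 2.6.18, so check `stap -L 'syscall.write'` and the tapset reference on the target box before relying on them.

```systemtap
#!/usr/bin/stap
# Added example (not from the thread): audit write(2) calls and resolve
# the file descriptor to a path name, so the file name can be printed
# even though write() itself only receives an fd.
#
# Assumption: the task tapset functions task_current(), task_fd_lookup()
# and fullpath_struct_file() are available in this SystemTap version.

global bytes_per_path   # constructed aggregate: bytes written per resolved path

probe syscall.write
{
    # fd and count are provided by the syscall tapset for write().
    task = task_current()
    file = task_fd_lookup(task, fd)
    if (file == 0) next          # fd not open in this task (bad fd or race)
    path = fullpath_struct_file(task, file)
    bytes_per_path[path] += count
    printf("%s(%d) write(fd=%d -> %s, %d bytes)\n",
           execname(), pid(), fd, path, count)
}

probe syscall.write.return
{
    # Record failed writes as well; retval is the syscall's return value.
    if (retval < 0)
        printf("  -> write failed: %s\n", errno_str(retval))
}

probe end
{
    # Top 20 paths by bytes written when the script is stopped (Ctrl-C).
    foreach (p in bytes_per_path- limit 20)
        printf("%10d %s\n", bytes_per_path[p], p)
}
```

Run it as root with `stap -v write_audit.stp`; the fd lookup is done in the context of the task that made the call, which is what makes the path resolution correct when several processes share fd numbers. A vfs-level probe (kernel.function("vfs_write")) would give the struct file directly, but the syscall probe keeps the script tied to the user-visible system call the audit is about.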