Intercepting a system call

Paul Davies C pauldaviesc at gmail.com
Fri Jan 25 09:13:11 EST 2013


Hi Grzegorz,
   To my knowledge, if we try to write to a read-only area, the kernel gives an
OOPS. As I stated in the question, the module does not give me any errors. I
have disabled page protections before writing to sys_call_table. I believe
that is enough to make the sys_call_table RW. What do you think?


On Fri, Jan 25, 2013 at 6:58 PM, Paul Davies C <pauldaviesc at gmail.com> wrote:

> Hi,
>   [1] is the module I wrote for intercepting the system call fork(). I
> have taken the conventional way of hooking the system call. Firstly I found
> out the address of the sys_call_table from the System.map. Then I used it
> in the module to substitute the original fork() with my own version of
> fork. My version does nothing more than printing a message and returning the
> original fork(). It didn't give any errors when loaded into the kernel using
> insmod. However, it seems that the module had no effect on the
> sys_call_table[] since the fork() is working perfectly after the insertion
> of the module and it does not show me the message it was supposed to print. Can
> someone figure out the problem? I am using 3.2.0-4-686 version of kernel.
> [1]  http://pastebin.com/aWN3jdQU
>
> --
> *Regards,*
>  *Paul Davies C*
> vivafoss.blogspot.com
>



-- 
*Regards,*
*Paul Davies C*
vivafoss.blogspot.com