<br><br><div class="gmail_quote">On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <span dir="ltr"><<a href="mailto:mulyadi.santosa@gmail.com">mulyadi.santosa@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi...<br>
<div class="im"><br>
On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <<a href="mailto:ravikumar.vallabhu@gmail.com">ravikumar.vallabhu@gmail.com</a>> wrote:<br>
> For auditing purposes I need to intercept/hook open/read/write system<br>
> calls.<br>
><br>
</div><div class="im">> As I lack knowledge of kernel development, could somebody help me<br>
> out here?<br>
> I'm working on RHEL-5 machine with Linux kernel version 2.6.18<br>
> Thanks & Regards,<br>
> Ravi<br>
<br>
</div>IMHO you'd better use SystemTap, which is based on Kprobes. It can be<br>
used to hook into almost every part of the kernel, with very little<br>
overhead.<br>
<span class="HOEnZb"><font color="#888888"><br></font></span></blockquote>OK, I'll also look into SystemTap.<br><br>But
in my sample module's example code for intercepting a system call, how can
I make the system_call_table address writable so that one can change it to
a customized system call?<br>
<br>Thanks & Regards,<br>Ravi</div><br>
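The SystemTap route suggested in this thread, sketched as an added example that is not part of the original messages: a script that audits open/read/write through the stock syscall tapset, with no change to the system call table. The script name audit_io.stp and the helper wanted() are assumptions for illustration; running it needs root and the kernel debuginfo packages matching the running kernel.

```systemtap
#!/usr/bin/stap
# audit_io.stp (hypothetical name): audit open/read/write via kprobes-backed
# tapset probes instead of patching the system call table.
#   stap audit_io.stp            # system-wide
#   stap -x <pid> audit_io.stp   # restrict to one process

global calls   # counters keyed by executable name, pid, syscall name

# Hypothetical helper: true when no -x/-c target was given,
# or when the current process is that target.
function wanted() {
    return (target() == 0 || pid() == target())
}

# Log every open with time, uid, pid, executable and decoded arguments.
# On newer kernels most opens arrive as openat; add syscall.openat there.
probe syscall.open {
    if (!wanted()) next
    printf("%s uid=%d pid=%d exe=%s %s(%s)\n",
           ctime(gettimeofday_s()), uid(), pid(), execname(), name, argstr)
    calls[execname(), pid(), name]++
}

# read/write are too frequent to log one by one, so only count them.
probe syscall.read, syscall.write {
    if (!wanted()) next
    calls[execname(), pid(), name]++
}

# On Ctrl-C, print the 20 busiest (executable, pid, syscall) triples.
probe end {
    printf("\n%-16s %6s %-6s %10s\n", "EXECUTABLE", "PID", "CALL", "COUNT")
    foreach ([exe, p, sc] in calls- limit 20)
        printf("%-16s %6d %-6s %10d\n", exe, p, sc, calls[exe, p, sc])
}
```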