<br><br><div class="gmail_quote">On Wed, Mar 28, 2012 at 9:16 AM, V.Ravikumar <span dir="ltr"><<a href="mailto:ravikumar.vallabhu@gmail.com">ravikumar.vallabhu@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br><br><div class="gmail_quote"><div class="im">On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <span dir="ltr"><<a href="mailto:mulyadi.santosa@gmail.com" target="_blank">mulyadi.santosa@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi...<br>
<div><br>
On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <<a href="mailto:ravikumar.vallabhu@gmail.com" target="_blank">ravikumar.vallabhu@gmail.com</a>> wrote:<br>
> As part of auditing purpose I need to intercept/hook open/read/write system<br>
> calls.<br>
><br>
</div><div>> As I was lack of knowledge into kernel development.Could somebody help me<br>
> out here ?<br>
> I'm working on RHEL-5 machine with Linux kernel version 2.6.18<br>
> Thanks & Regards,<br>
> Ravi<br>
<br>
</div>IMHO you better use SystemTap, which is based on Kprobes. It can be<br>
used to hook into almost every part of kernel system, with very less<br>
overhead.<br>
<span><font color="#888888"></font></span><br></blockquote></div><div><br>Yes SystemTap is one of the elegant way to hook system calls.<br><br>But I need one help while hooking write system call. I need to print the file name also, but file name is not passed to write system call. How can I get the file for write (or sys_write ) system call.<br>
</div></div>
<br>_______________________________________________<br>
Kernelnewbies mailing list<br>
<a href="mailto:Kernelnewbies@kernelnewbies.org">Kernelnewbies@kernelnewbies.org</a><br>
<a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br>
<br></blockquote></div><br><div>Hi,</div><div><br></div><div>One way to do this is to map the physical page to new virtual page and make that page RW and then replace with ur handlers. Refer vmap()</div><div><br></div><div>
-Rohan</div>