How to hook the system call?

Geraint Yang geraint0923 at gmail.com
Sun Nov 27 21:12:26 EST 2011


Thanks for the advice!
I am using the LSM framework even though it needs recompiling the kernel.
But I will also give the kernelroll module a try.
Modifying sys_call_table is more error-prone, but it gives more freedom
than the LSM framework, which can only hook at a limited set of hook points.



On Mon, Nov 28, 2011 at 9:12 AM, richard -rw- weinberger <
richard.weinberger at gmail.com> wrote:

> On Sun, Nov 27, 2011 at 11:17 PM, Jonathan Neuschäfer
> <j.neuschaefer at gmx.net> wrote:
> > On Wed, Nov 23, 2011 at 04:40:14PM +0800, Geraint Yang wrote:
> >> Hello everyone,
> >>
> >> I am going to hook a system call like 'read' or 'send' by modifying the
> >> sys_call_table, but it seems that the sys_call_table is in a read-only
> >> page. How can I modify the sys_call_table? Or is there any method that I
> >> can use to hook a system call in a module without modifying the kernel source?
>
> Please keep in mind that hooking a system call is very bad and error prone.
>
> --
> Thanks,
> //richard
>



-- 
Geraint Yang
Tsinghua University Department of Computer Science and Technology