On Fri, 2005-04-15 at 14:04 -0400, Igor Shmukler wrote: > Hello, > We are working on a LKM for the 2.6 kernel. > We HAVE to intercept system calls. I understand this could be > something developers are no encouraged to do these days, but we need > this. > Patching kernel to export sys_call_table is not an option. The fast > and dirty way to do this would be by using System.map, but I would > rather we find a cleaner approach. These ideas are hardly a clean approach but might work although I haven't tried: Hook into an existing kernel function that is exported to modules that can be called by a system call, like a /proc or /sys file. On a sys_read or sys_write to your /proc file, perform a stack trace back to the system call, then search and adjust to find the system call table pointer. You might also be able to look at the int $80 vector and grub through the machine code to find it. Of course, anything like this will probably only work on x86 and need to be rewritten for each architecture. Very messy. -- Zan Lynx <[email protected]>
Attachment:
signature.asc
Description: This is a digitally signed message part
- References:
- intercepting syscalls
- From: Igor Shmukler <[email protected]>
- intercepting syscalls
- Prev by Date: Re: [SATA] status reports updated
- Next by Date: Re: Fortuna
- Previous by thread: Re: intercepting syscalls
- Next by thread: Re: intercepting syscalls
- Index(es):
 |