I have some good news and some bad news. Good news: Syscall hooking in Linux 2.6 is done and it works.
Bad news: sys_execve hook does not work :) The dazuko replacement for sys_execve does its magic and then, instead of calling sys_execve, it inlines the sys_execve code, which involves a call to do_execve, which does all the real work. Unfortunately, it seems that do_execve is not an exported symbol in 2.6 kernels.

I do not quite understand the comments explaining why sys_execve cannot be called directly in dazuko_linux.c. Could someone elaborate?

--
Sami Tikka                  tel: +358 9 2520 5115
Senior Software Engineer    fax: +358 9 2520 5013
F-Secure Corporation        http://www.f-secure.com/
BE SURE
