On Wed, Nov 23, 2011 at 3:57 PM, Alexandru Juncu <[email protected]> wrote:

> On Wed, Nov 23, 2011 at 12:10 PM, Daniel Baluta <[email protected]> wrote:
> > On Wed, Nov 23, 2011 at 11:22 AM, Alexandru Juncu <[email protected]> wrote:
> >> On Wed, Nov 23, 2011 at 10:40 AM, Geraint Yang <[email protected]> wrote:
> >>> Hello everyone,
> >>>
> >>> I am going to hook a system call like 'read' or 'send' by modifying the
> >>> sys_call_table, but it seems that the sys_call_table is in read only page,
> >>> how can I modify the sys_call_table? Or is there any method that I can
> >>> use to hook a system call in module without modifying the kernel source?
> >>>
> >>> Thanks!
> >>
> >> On a 2.6.35 kernel, it worked for me just by changing an entry in the
> >> sys_call_table, within a kernel module. Something like this:
> >
> > Alex,
> > I am pretty sure that you are using a hacked version of 2.6.35.
> >
> > Geraint,
> > In order to be able to hook a syscall you must do the following:
> >
> > 1. export syscall_table in arch/x86/kernel/i386_ksyms_32.c
> >
> > extern void* sys_call_table[];
> > EXPORT_SYMBOL(sys_call_table);
> >
> > 2. make sys_call_table writable. In arch/x86/kernel/entry_32.S
> > you must have:
> >
> > .section .data,"a"
> > #include "syscall_table_32.S"
> >
> > thanks,
> > Daniel.
> >
>
> Ah, Daniel is right... I forgot about that part...
>
> _______________________________________________
> Kernelnewbies mailing list
> [email protected]
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>

You can get the address of the sys_call_table from /proc/kallsyms, and
regarding the read-only section of this symbol, you can re-map the
addresses by making use of the vmap API in the kernel. This will avoid the
need for the compilation of the kernel. But I would not recommend you to do
this. There is an LSM framework specifically available for this; try to see
if you can make use of that.

Regards,
Rohan Puri
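A check for the kernel layout that Daniel's two steps produce, as an added example that is not part of the thread: it reads a kallsyms-format listing (the file Rohan mentions) and reports whether sys_call_table sits in a writable data section or has been exported. The function names and sample listings are constructed for illustration; it assumes the kernel lists data symbols (CONFIG_KALLSYMS_ALL) and that an EXPORT_SYMBOL shows up there as a `__ksymtab_<name>` entry.

```shell
#!/bin/sh
# Added example, not code from the thread.
# check_sct [FILE]: inspect a kallsyms-format listing (default /proc/kallsyms,
# "-" for stdin) and report how sys_call_table is laid out.
# Exit status: 0 = read-only and not exported (stock layout)
#              1 = writable and/or exported (layout from steps 1 and 2 above)
#              2 = symbol not listed (assumption: no CONFIG_KALLSYMS_ALL)
check_sct() {
    awk '
        $3 == "sys_call_table"           { found = 1; t = $2 }
        $3 == "__ksymtab_sys_call_table" { exported = 1 }
        END {
            if (!found) { print "sys_call_table: not listed"; exit 2 }
            # nm-style type letters: R/r read-only data, D/d .data, B/b .bss
            writable = (t ~ /^[DdBb]$/)
            printf "sys_call_table: type=%s writable=%s exported=%s\n", \
                t, (writable ? "yes" : "no"), (exported ? "yes" : "no")
            exit ((writable || exported) ? 1 : 0)
        }
    ' "${1:-/proc/kallsyms}"
}

# Constructed sample listings; the addresses are made up.
stock_sample() {
    printf '%s\n' \
        'c1000000 T _text' \
        'c1030a40 T sys_read' \
        'c15d5020 R sys_call_table'
}

patched_sample() {
    printf '%s\n' \
        'c1000000 T _text' \
        'c1030a40 T sys_read' \
        'c16b8f3c r __ksymtab_sys_call_table' \
        'c1710000 D sys_call_table'
}

stock_sample   | check_sct - || true
patched_sample | check_sct - || true
```

Run as `check_sct` with no argument to inspect the running kernel; the type letters are still shown when addresses are zeroed for unprivileged readers.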
