Thanks for the advice! I am using the LSM framework even though it needs recompiling the kernel. But I will also give the kernelroll module a try. Modifying sys_call_table is easier to get errors with, but it gives more freedom than the LSM framework, which can only hook at a limited number of hooking points.

On Mon, Nov 28, 2011 at 9:12 AM, richard -rw- weinberger <[email protected]> wrote:

> On Sun, Nov 27, 2011 at 11:17 PM, Jonathan Neuschäfer
> <[email protected]> wrote:
> > On Wed, Nov 23, 2011 at 04:40:14PM +0800, Geraint Yang wrote:
> >> Hello everyone,
> >>
> >> I am going to hook a system call like 'read' or 'send' by modifying the
> >> sys_call_table, but it seems that the sys_call_table is in a read-only page.
> >> How can I modify the sys_call_table? Or is there any method that I can
> >> use to hook a system call in a module without modifying the kernel source?
>
> Please keep in mind that hooking a system call is very bad and error prone.
>
> --
> Thanks,
> //richard
>

--
Geraint Yang
Tsinghua University
Department of Computer Science and Technology

_______________________________________________
Kernelnewbies mailing list
[email protected]
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
