On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <[email protected]>wrote:
> Hi... > > On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <[email protected]> > wrote: > > As part of auditing purpose I need to intercept/hook open/read/write > system > > calls. > > > > As I was lack of knowledge into kernel development.Could somebody help me > > out here ? > > I'm working on RHEL-5 machine with Linux kernel version 2.6.18 > > Thanks & Regards, > > Ravi > > IMHO you better use SystemTap, which is based on Kprobes. It can be > used to hook into almost every part of kernel system, with very less > overhead. > > Ok I'll also look into System Tap. But in my sample module example code for intercepting system call. how can I make system_call_table address to writable so that one can change to customized system call. Thanks & Regards, Ravi
_______________________________________________ Kernelnewbies mailing list [email protected] http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
