On Mon, Mar 26, 2012 at 10:14 AM, V.Ravikumar <[email protected]> wrote:
>
> On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <[email protected]> wrote:
>>
>> Hi...
>>
>> On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <[email protected]> wrote:
>> > As part of auditing purpose I need to intercept/hook open/read/write
>> > system calls.
>> >
>> > As I was lack of knowledge into kernel development. Could somebody help
>> > me out here?
>> > I'm working on RHEL-5 machine with Linux kernel version 2.6.18
>> > Thanks & Regards,
>> > Ravi
>>
>> IMHO you better use SystemTap, which is based on Kprobes. It can be
>> used to hook into almost every part of kernel system, with very less
>> overhead.
>>
> Ok I'll also look into System Tap.
>
> But in my sample module example code for intercepting system call. how can
> I make system_call_table address to writable so that one can change to
> customized system call.
>
> Thanks & Regards,
> Ravi
>

Updating the system_call_table is racy, that is why it is not writable. You should really use kprobes or systemtap for that.

Regards,

--
Javier Martínez Canillas
(+34) 682 39 81 69
Barcelona, Spain
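
Added example, not part of the original thread: a SystemTap script that audits open/read/write through probes instead of modifying the syscall table, as both replies recommend. It assumes SystemTap with its standard syscall tapset and matching kernel debuginfo are installed; the script file name and the helper `wanted()` are hypothetical.

```systemtap
#!/usr/bin/stap
# Added example (not from the thread): audit open/read/write via SystemTap
# probes, leaving the syscall table untouched.
# Run as root: stap audit_io.stp          (all processes)
#          or: stap -x PID audit_io.stp   (one process; file name is hypothetical)

global open_args          # tid -> argument string saved at open() entry
global rbytes, wbytes     # [execname, pid] -> statistics of bytes transferred

# True when no -x/-c target was given, or the current process is the target.
function wanted() { return target() == 0 || pid() == target() }

probe syscall.open {
    if (wanted()) open_args[tid()] = argstr
}

# Report on return so the outcome (fd or errno) is part of the audit record.
probe syscall.open.return {
    if (tid() in open_args) {
        printf("%s uid=%d %s[%d] open(%s) = %s\n", ctime(gettimeofday_s()),
               uid(), execname(), pid(), open_args[tid()], retstr)
        delete open_args[tid()]
    }
}

# $return is the syscall's return value: bytes transferred, or a negative errno.
probe syscall.read.return {
    if (wanted() && $return > 0) rbytes[execname(), pid()] <<< $return
}
probe syscall.write.return {
    if (wanted() && $return > 0) wbytes[execname(), pid()] <<< $return
}

# Print per-process totals when the script is stopped with Ctrl-C.
probe end {
    foreach ([exe, p] in rbytes)
        printf("%s[%d] read  %d bytes in %d calls\n", exe, p,
               @sum(rbytes[exe, p]), @count(rbytes[exe, p]))
    foreach ([exe, p] in wbytes)
        printf("%s[%d] wrote %d bytes in %d calls\n", exe, p,
               @sum(wbytes[exe, p]), @count(wbytes[exe, p]))
}
```

The open record is emitted from the return probe, with the arguments saved per thread at entry, so each audit line carries both the requested path and the result.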
