On Wed, Mar 28, 2012 at 9:16 AM, V.Ravikumar <[email protected]> wrote:

> On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <[email protected]> wrote:
>
>> Hi...
>>
>> On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <[email protected]> wrote:
>> > As part of auditing purpose I need to intercept/hook open/read/write
>> > system calls.
>> >
>> > As I lack knowledge of kernel development, could somebody help me
>> > out here?
>> > I'm working on a RHEL-5 machine with Linux kernel version 2.6.18
>> > Thanks & Regards,
>> > Ravi
>>
>> IMHO you better use SystemTap, which is based on Kprobes. It can be
>> used to hook into almost every part of the kernel system, with very
>> little overhead.
>>
>
> Yes, SystemTap is one of the elegant ways to hook system calls.
>
> But I need one help while hooking the write system call. I need to print the
> file name also, but the file name is not passed to the write system call. How
> can I get the file for the write (or sys_write) system call?
>
> _______________________________________________
> Kernelnewbies mailing list
> [email protected]
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>

Hi,

One way to do this is to map the physical page to a new virtual page, make that page RW, and then replace with your handlers. Refer to vmap().

-Rohan
_______________________________________________
Kernelnewbies mailing list
[email protected]
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
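On the question of naming the file behind a write: write() only receives a file descriptor, so an audit trail has to carry the name forward from the earlier open() on that descriptor. The following is an added example, not code from this thread; it does that correlation in user space over a constructed, strace-like trace (the trace format and the function name `attribute_writes` are assumptions).

```python
import re

# Constructed sample trace, one call per line: "<pid> <syscall>(<args>) = <ret>"
SAMPLE_TRACE = '''\
1201 open("/etc/passwd", O_RDONLY) = 3
1201 open("/var/log/app.log", O_WRONLY|O_APPEND) = 4
1201 write(4, "started\\n", 8) = 8
1201 dup2(4, 1) = 1
1201 write(1, "hello\\n", 6) = 6
1201 close(4) = 0
1201 open("/tmp/scratch", O_WRONLY) = 4
1201 write(4, "late", 4) = 4
1302 write(4, "other", 5) = 5
'''

LINE_RE = re.compile(r'^(\d+) (\w+)\((.*)\) = (-?\d+)')

def attribute_writes(trace):
    """Return (pid, fd, path, bytes_written) for every successful write."""
    fd_table = {}  # (pid, fd) -> path; descriptors are per process
    writes = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, call, args, ret = int(m[1]), m[2], m[3], int(m[4])
        if ret < 0:
            continue  # a failed call changes no descriptor state
        if call == "open":
            # The returned fd now names this path (fd numbers get reused).
            fd_table[(pid, ret)] = args.split('"')[1]
        elif call == "dup2":
            old_fd = int(args.split(",")[0])
            fd_table[(pid, ret)] = fd_table.get((pid, old_fd), "<unknown>")
        elif call == "close":
            fd_table.pop((pid, int(args)), None)
        elif call == "write":
            fd = int(args.split(",")[0])
            # No open seen for this fd (inherited, or opened before tracing).
            path = fd_table.get((pid, fd), "<unknown>")
            writes.append((pid, fd, path, ret))
    return writes

if __name__ == "__main__":
    for record in attribute_writes(SAMPLE_TRACE):
        print(record)
```

Descriptors that were open before tracing started, or inherited across fork, show up as `<unknown>`; an auditor has to seed the table for those or accept the gap.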
