Muli Ben-Yehuda wrote:
> On Wed, Jun 18, 2008 at 02:14:49PM +0300, Dan Shimshoni wrote:
>> Is there a way to write an application/a kernel module which will
>> notice when a process named "xyz" starts ?
> Yes, except that "process named xxx" is not very well
> defined. Briefly, what you would need to do is hook into exec() (via a
> kernel module, ptrace, LD_PRELOAD, or your favorite hooking mechanism)
> and check argv[0].
I think LD_PRELOAD actually won't work, since it's ignored for root SUID
executables :-)
Cheers,
Gilad
--
Gilad Ben-Yossef
Chief Coffee Drinker
Codefidence Ltd.
The code is free, your time isn't.(TM)
Web: http://codefidence.com
Email: [EMAIL PROTECTED]
Office: +972-8-9316883 ext. 201
Fax: +972-8-9316885
Mobile: +972-52-8260388
Q: How many NSA agents does it take to replace a lightbulb?
A: dSva7DrYiY24yeTItKyyogFXD5gRuoRqPNQ9v6WCLLywZPINlu!
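
The exec() hook with an argv[0] check discussed in the thread, sketched as an LD_PRELOAD shim. This is an added example, not code from the thread; `WATCH_NAME`, `argv0_matches` and the file name `exec_watch.c` are names invented here. As the reply notes, the dynamic loader ignores LD_PRELOAD for set-user-ID executables, so a monitor built this way does not see them.

```c
/* exec_watch.c (added example).
 * Build: cc -shared -fPIC -o exec_watch.so exec_watch.c
 * Use:   WATCH_NAME=xyz LD_PRELOAD=./exec_watch.so bash
 * WATCH_NAME is a hypothetical variable made up for this example. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Return 1 if the basename of argv0 equals name, else 0. A leading '-'
 * (the login-shell convention, e.g. "-bash") is skipped first.
 * argv[0] is chosen by the caller of exec, so this is a hint, not proof
 * of which binary runs; that is why "process named xyz" is ill-defined. */
int argv0_matches(const char *argv0, const char *name)
{
    if (argv0 == NULL || name == NULL || *name == '\0')
        return 0;
    const char *base = strrchr(argv0, '/');
    base = base ? base + 1 : argv0;
    if (*base == '-')
        base++;
    return strcmp(base, name) == 0;
}

/* Interposed execve(): report a match on stderr, then make the real
 * system call. syscall() is used instead of dlsym(RTLD_NEXT, "execve").
 * Only dynamically linked, non-setuid programs that call this libc
 * symbol are covered; static binaries bypass the shim entirely. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    const char *name = getenv("WATCH_NAME");
    if (name == NULL)
        name = "xyz";               /* the name used in the question */
    if (argv0_matches(argv[0], name))
        dprintf(STDERR_FILENO, "exec_watch: pid %d execs argv[0]=%s path=%s\n",
                (int)getpid(), argv[0], path);
    return (int)syscall(SYS_execve, path, argv, envp);
}
```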