sys_execve

I'm trying to write a Loadable Kernel Module for Linux 2.4 that would log info about the calling process/user every time an execve is called.  I got some info about this from the web, but it seems that the code doesn't work for Linux 2.4.

Here's the code I've written so far.

<standard stuff for LKM's>
int (*orig_execve) (const char *, const char *[], const char *[]);

int __NR_myexecve = 0;
extern void *sys_call_table[];

int my_execve(const char *filename, const char *argv[], const char *envp[])
{
    long __res = 0;
    __asm__ volatile ("int $0x80":"=a" (__res):"0"(__NR_myexecve), "b"((long) (filename)), "c"((long) (argv)), "d"((long) (envp)));
    return (int) __res;
}

int wrapped_execve( const char *filename, const char *argv[], const char *envp[])
{
  return my_execve(filename, argv, envp);
}

int init_module(void)
{
  /* search downwards from slot 300 for an unused syscall table entry */
  __NR_myexecve = 300;
  while( (__NR_myexecve != 0) && (sys_call_table[__NR_myexecve] != 0) )
  {
    __NR_myexecve--;
  }
  if( __NR_myexecve != 0 )
  {
    orig_execve = sys_call_table[ SYS_execve ];
    sys_call_table[ SYS_execve ] = wrapped_execve;
    sys_call_table[ __NR_myexecve ] = orig_execve;
  }
  return 0; /* init_module must return a status; 0 means loaded */
}

I've tried the above code but I always get -34 (I printed it out).  So after loading the above module I render my system unusable.

The above code example was for Linux kernel 2.0.  I'm wondering whether the __asm code has changed for the 2.4 kernel.

Any ideas, thanks.



-
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/

