Hi everybody!
I need to audit file that are going to be executed, I'm intercepting the
"execve" system calls changing the sys_call_table, but I've a doubt
about the function I have to use; I'm using the "sys_execve(struct
pt_regs regs)" function in linux/arch/i386/kernel/process.c it is ok?
In my code:
my_code.h >>
static asmlinksge int (*orig_sys_execve)(struct pt_regs regs)
my_code.c >>
int My_sys_execve(struct pt_regs regs){
return orig_sys_execve(regs);
}
When I load the module with this code and I try to execute something I
get "Segmentation fault" error
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
IRC Channel: irc.openprojects.net / #kernelnewbies
Web Page: http://www.kernelnewbies.org/
