Re: sys_call_table

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

There is an easy solution for this "obvious ¿¿??" fixed problem.

This works fine with Red Hat 8.0 - kernel 2.4.18-14,
the first distribution that not exports system_call anymore.

You can include this function (locate_sys_call_table) in a
kernel module for intercept sys_calls or create
an independent module that all his job will be
re EXPORT_SYMBOL(sys_call_table) to others modules.


....
#include <linux/syscall.h>
#include <asm/unistd.h>

static void **sys_call_table;

//nearest exported symbol to syscalls in my kernel,
//i hope in others kernels too
//but in other form you can look at your kernel sources

extern void *system_utsname;

....

static int locate_sys_call_table(void) {
    unsigned long *begin;
    int i;

    begin=(unsigned long *) &system_utsname;
    for (i=0;i<1024;i++) {
        if (*(begin+i)==(unsigned long) sys_socketcall) {
            sys_call_table=(void *) (begin+i-__NR_socketcall);
            //are you sure?
            if (sys_call_table[__NR_exit]==(void *) sys_exit) {
                printk("success: located sys_call_table: %X\n",(unsigned
int) sys_call_table);
                return(1);
            }
        }
    }
    return(0);
}


int __init init_exportmodule (void)
{

    if (!locate_sys_call_table()) {
        // ... cry again and return error
    }

    //.....sys_call_table[] works now!!
    //......do something like export symbol
    //.... or intercept any syscall

}

...
that's all.


----- Original Message -----
From: "Anomalous Force" <anomalous_force@yahoo.com>
To: <kernelnewbies@nl.linux.org>
Sent: Sunday, December 22, 2002 8:23 PM
Subject: sys_call_table


> on the website's faq page under the heading
>
> "How do I intercept system calls ?"
>
> the phrase:
>
> Note that Linus removed sys_call_table in 2.5 kernels.
>
> is not correct.
>
>
> =====
> Main Entry: anom·a·lous
> 1 : inconsistent with or deviating from what is usual, normal, or
expected: IRREGULAR, UNUSUAL
> 2 (a) : of uncertain nature or classification (b) : marked by incongruity
or contradiction : PARADOXICAL
> synonym see IRREGULAR
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/

___________________________________________________
Yahoo! Postales
Felicita las Navidades con las postales más
divertidas desde http://postales.yahoo.es
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux