in the newer versions of the kernel (2.4.20-8 included),
they have stopped exporting the syscall table, so that
modules can't do what you're trying to do. I personally
think it's annoying, since it's the quickest and easiest
way to do what you're describing.
Your easiest option is patch the version of the kernel
you are running. By that, I mean just change the actual
sys_exit function to do what you want it to do, instead
of redirecting the system call to your module like it
seems you were doing in the past. You have to recompile
the whole kernel instead of just installing your module,
though.
anthony
--- Koby Horesh <yacovh@cyber-ark.com> wrote:
> Hi all,
>
> I seem to have a problem. I have a code which traps the
> sys_exit call in
> order to know about
> terminating threads .
> When upgrading to redhat 2.4.20-8 I cannot locate the
> sys_exit ,
> sys_socketcall which helped
> hacking into the syscall table , does anyone know about a
> solution , or any
> other way I can
> follow terminating threads in my system.
>
> The hack code is the following :
>
> begin = (unsigned long *) &system_utsname;
> for (i=0;i<1024;i++)
> {
> if (*(begin+i) == (unsigned long) sys_socketcall)
> {
> sys_call_table = (void *)
> (begin+i-__NR_socketcall);
> //are you sure?
> if (sys_call_table[__NR_exit]==(void *) sys_exit)
> {
> Status = PAKRNL_STATUS_SUCCESS;
> }
> }
> }
>
> Koby
> --
> Kernelnewbies: Help each other learn about the Linux
> kernel.
> Archive: http://mail.nl.linux.org/kernelnewbies/
> FAQ: http://kernelnewbies.org/faq/
>
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
