Re: Seek Help !!!


 



> > Hi, 
> >    I am totally new to the Linux kernel. I want to intercept system calls 
> > with sys_call_table. But it seems that this symbol is not exported in 
> > Linux kernel 2.4. 
> >   Is there any method by which I can export this symbol? 
> > 
> > Waiting for the help .... 
> > 
 
You can intercept system calls even if you don't have sys_call_table exported in 
your running kernel. Just do the following things :- 
1. Try to get the source code for the running kernel. 
2. Build vmlinux 
3. With objdump now try to get the address of sys_call_table :- 
 
	$ objdump -D vmlinux >& Output 
 
Here, if you look for "sys_call_table", you can see the address of it. 
4. Now write a kernel module, in which take a char * variable whose value is this... 
and then you can easily intercept whichever system call you want with the help 
of the __NR_<x> constants, which are defined in "linux/unistd.h". So, for example, if you 
want to intercept sys_exit() :- 
 
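	// I'm assuming address of sys_call_table = 0xc1010101 
	// (__NR_exit comes from <linux/unistd.h>) 
	long *temp = (long *)0xc1010101; 
	int (*my_function)(int);	// must be set to the replacement handler 
	int (*original_function)(int); 
 
	// save the original slot, then overwrite it with the replacement 
	original_function = (int (*)(int))*(temp + __NR_exit); 
	*(temp + __NR_exit) = (long)my_function; 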
 
 
Hope this helps you... 
 
Thanks. 
Sumit Sharma, 
IBM, Bangalore. 
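
The slot overwrite described in this message leaves a visible trace: the changed entry no longer points into the kernel's own text. The following is an added example, not part of the original post, that looks up symbols in System.map-style lines and counts table slots whose handler lies outside [_stext, _etext). The map excerpt, the table snapshot, and the names find_symbol and count_foreign are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Constructed System.map excerpt for a 32-bit 2.4 kernel (not a real build). */
static const char SAMPLE_MAP[] =
    "c0100000 T _stext\n"
    "c0108a40 T sys_exit\n"
    "c0251f3c A _etext\n"
    "c02d5a80 D sys_call_table\n";

/* Constructed snapshot of the first four slots; slot 1 has been redirected. */
static const uint32_t SAMPLE_TABLE[] = { 0xc0109f10, 0xd0a3c060, 0xc0105c30, 0xc012e4a0 };

/* Find `name` in "address type name" lines; returns 1 and sets *out if found. */
int find_symbol(const char *map, const char *name, uint32_t *out)
{
    unsigned int addr;
    char type, sym[64];

    while (map && *map) {
        if (sscanf(map, "%x %c %63s", &addr, &type, sym) == 3 && strcmp(sym, name) == 0) {
            *out = addr;
            return 1;
        }
        map = strchr(map, '\n');      /* advance to the next line */
        if (map)
            map++;
    }
    return 0;
}

/* Count slots pointing outside kernel text; *first gets the first index or -1. */
int count_foreign(const uint32_t *tbl, size_t n, uint32_t stext, uint32_t etext, int *first)
{
    int hits = 0;
    *first = -1;
    for (size_t i = 0; i < n; i++) {
        if (tbl[i] < stext || tbl[i] >= etext) {
            if (hits++ == 0)
                *first = (int)i;
        }
    }
    return hits;
}

int main(void)
{
    uint32_t stext = 0, etext = 0, table = 0;
    int first;
    if (!find_symbol(SAMPLE_MAP, "_stext", &stext) || !find_symbol(SAMPLE_MAP, "_etext", &etext) ||
        !find_symbol(SAMPLE_MAP, "sys_call_table", &table))
        return 1;
    int hits = count_foreign(SAMPLE_TABLE, 4, stext, etext, &first);
    printf("table at 0x%08x: %d slot(s) outside kernel text, first index %d\n", (unsigned)table, hits, first);
    return 0;
}
```

On i386 the flagged index 1 is __NR_exit, the slot used in the message's example. A slot outside kernel text can also belong to a legitimately loaded module, so a hit is a lead to check against the module list, not a verdict.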
 
