RE: How to intercept sys_exit()...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Prasad,

I am also a learner ...

I guess the best way will be to modify do_exit () in kernel/exit.c and
recompile the kernel.

Or  you could do something like this from a module, I think this is
nasty.

Globally

long *my_sys_call_table = sys_call_table;
void (*old_exit_syscall)( int error_code)
old_exit_syscall=my_sys_call_table[1];    
// 1 is point to sys_exit routine as per head.S

In init module session, you could ...

my_sys_call_table[1]=new_exit_syscall;

asmlinkage void new_exit_syscall (int error_code ) {

// Do your stuff 
old_exit_syscall(error_code);

}
exit module session
my_sys_call_table[1]= old_exit_syscall;



Theoriticaly this should work ... Do you think ?

Aboo


-----Original Message-----
From: kernelnewbies-bounce@xxxxxxxxxxxx
[mailto:kernelnewbies-bounce@xxxxxxxxxxxx] On Behalf Of Prasad
Sent: Thursday, October 07, 2004 8:20 PM
To: kernelnewbies@xxxxxxxxxxxx
Subject: How to intercept sys_exit()...


	Hi there ! 
   Can anyone tell me how to intecept exit system call...?
   I'm using linux-2.6.8.1 kernel, and need to do it for some auditing 
   purpose...	
-- 
regards
   -Prasad



--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux