This provides some information on tracing and intercepting system calls. http://syscalltrack.sourceforge.net/ -----Original Message----- From: kernelnewbies-bounce@xxxxxxxxxxxx [mailto:kernelnewbies-bounce@xxxxxxxxxxxx] On Behalf Of Gaurav Dhiman Sent: Friday, June 03, 2005 12:50 PM To: dipti.pawar@xxxxxxxxx Cc: KERNEL Subject: Re: Intercepting unlink system cal > > Hi > > > > Thanks a lot Gaurav and Robert Bennett. > > At least the code is working now after I did the corrections told by you. > > But one more thing I did is that I subtracted 1 from __NR_unlink that > is index for accessing system call table. No dont do that, if you look at the system call table initilization code in entry.S (see the following link), you will find that the first entry, I mean the zero index of system call table is filled with pointer to "sys_ni_syscall" system call, which is a no system call. http://lxr.linux.no/source/arch/i386/kernel/entry.S#L575 Also look at the code of "sys_ni_syscall" system call at following link http://lxr.linux.no/source/kernel/sys_ni.c#L10 So you dont need to subtract 1 from system call number. -Gaurav > > __NR_unlink is defined in "unistd.h".I think there is difference > between starting index of system call table and indexes defined in "unistd.h ". > > > > Regards, > > Dipti. > > > > > http://www.patni.com > World-Wide Partnerships. World-Class Solutions. > _____________________________________________________________________ > > This e-mail message may contain proprietary, confidential or legally > privileged information for the sole use of the person or entity to > whom this message was originally addressed. Any review, e-transmission > dissemination or other use of or taking of any action in reliance upon > this information by persons or entities other than the intended > recipient is prohibited. If you have received this e-mail in error > kindly delete this e-mail from your records. If it appears that this > mail has been forwarded to you without proper authority, please notify > us immediately at netadmin@xxxxxxxxx and delete this mail. > _____________________________________________________________________ -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/ -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
