RE: Intercepting unlink system cal

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This provides some information on tracing and intercepting system calls.

http://syscalltrack.sourceforge.net/


-----Original Message-----
From: kernelnewbies-bounce@xxxxxxxxxxxx
[mailto:kernelnewbies-bounce@xxxxxxxxxxxx] On Behalf Of Gaurav Dhiman
Sent: Friday, June 03, 2005 12:50 PM
To: dipti.pawar@xxxxxxxxx
Cc: KERNEL
Subject: Re: Intercepting unlink system cal

> 
> Hi
> 
>   
> 
> Thanks a lot Gaurav and Robert Bennett. 
> 
> At least the code is working now after I did the corrections told by
you. 
> 
> But one more thing I did is that I subtracted 1 from __NR_unlink that 
> is index for accessing system call table.


No dont do that, if you look at the system call table initilization code
in entry.S (see the following link), you will find that the first entry,
I mean the zero index of system call table is filled with pointer to
"sys_ni_syscall" system call, which is a no system call.

http://lxr.linux.no/source/arch/i386/kernel/entry.S#L575

Also look at the code of "sys_ni_syscall" system call at following link

http://lxr.linux.no/source/kernel/sys_ni.c#L10

So you dont need to subtract 1 from system call number.

-Gaurav

> 
> __NR_unlink is defined in "unistd.h".I think there is difference 
> between starting index of system call table and indexes defined in
"unistd.h ".
> 
>   
> 
> Regards,
> 
> Dipti. 
> 
>   
> 
>   
> http://www.patni.com
>  World-Wide Partnerships. World-Class Solutions. 
> _____________________________________________________________________
>  
>  This e-mail message may contain proprietary, confidential or legally 
> privileged information for the sole use of the person or entity to 
> whom this message was originally addressed. Any review, e-transmission

> dissemination or other use of or taking of any action in reliance upon

> this information by persons or entities other than the intended 
> recipient is prohibited. If you have received this e-mail in error 
> kindly delete this e-mail from your records. If it appears that this 
> mail has been forwarded to you without proper authority, please notify

> us immediately at netadmin@xxxxxxxxx and delete this mail.
> _____________________________________________________________________

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/




--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux