Intercepting unlink system call

Hi

I am intercepting the unlink system call and trying to print a message.

But after inserting the module I cannot see the message in the /var/log/messages file every time I remove a file.

Sometimes I can see the message, but not always.

Whereas if I mount a partition, create a file in it, delete that file and unmount the partition, I can see the message in the /var/log/messages file immediately.

Can anyone please tell me the reason for this behavior?

Following is the sample code that I'm using.

/* Compilation options:  gcc -Wall -DMODULE -D__KERNEL__ -DLINUX -c -o my_unlink.o my_unlink.c */

#include <linux/kernel.h>
#include <linux/unistd.h>
#include <linux/module.h>
#include <linux/linkage.h>

/* This address can be found with the command
 *   grep sys_call_table /boot/System.map-2.4.26
 * where 2.4.26 is the system release, which can change and can be
 * obtained with uname -r. */
unsigned long *mod_sys_call_table = (unsigned long *)0xc030a0f0;

/* Saved address of the original handler */
asmlinkage long (*original_call)(const char *);

asmlinkage long our_sys_unlink(const char *filename)
{
  printk("File is about to get deleted ");   /* print a message when a file is to be deleted */
  printk("%s", filename);
  return original_call(filename);            /* call the function at the original address to remove the file */
}

int init_module(void)
{
  printk("<1> In init function\n ");
  original_call = (void *)mod_sys_call_table[__NR_unlink-1];         /* save the original address */
  mod_sys_call_table[__NR_unlink-1] = (unsigned long)our_sys_unlink; /* replace the address with our function */
  return 0;
}

void cleanup_module(void)
{
  mod_sys_call_table[__NR_unlink-1] = (unsigned long)original_call;  /* restore the original address while exiting */
}


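Seen from the defender's side, the table patching in this post is detectable by comparing a syscall table slot with the handler address recorded in System.map. The following is an added example, not part of the original message: `map_lookup` and `check_slot` are hypothetical helper names, every address except the `sys_call_table` value quoted in the post is constructed, and the slot value is assumed to have been read already from the running kernel or a memory image.

```c
#include <stdio.h>
#include <string.h>

/* Constructed System.map excerpt: only the sys_call_table address comes
 * from the post; every other address is made up for this example. */
static const char SYSTEM_MAP[] =
    "c0100000 T _stext\n"
    "c0145a10 T sys_link\n"
    "c0145c80 T sys_unlink\n"
    "c02f0000 A _etext\n"
    "c030a0f0 D sys_call_table\n";

/* Return the address System.map records for sym, or 0 if it is not listed. */
unsigned long map_lookup(const char *map, const char *sym)
{
    unsigned long addr;
    char type, name[64];

    while (map && *map) {
        if (sscanf(map, "%lx %c %63s", &addr, &type, name) == 3 &&
            strcmp(name, sym) == 0)
            return addr;
        map = strchr(map, '\n');   /* advance to the next line */
        if (map)
            map++;
    }
    return 0;
}

/* Classify one table slot:
 *  0 = matches System.map, 1 = different address inside kernel text,
 *  2 = outside _stext.._etext (e.g. module memory), -1 = symbol missing. */
int check_slot(const char *map, const char *handler, unsigned long slot)
{
    unsigned long want = map_lookup(map, handler);
    unsigned long lo = map_lookup(map, "_stext");
    unsigned long hi = map_lookup(map, "_etext");

    if (!want || !lo || !hi)
        return -1;
    if (slot == want)
        return 0;
    return (slot >= lo && slot < hi) ? 1 : 2;
}

int main(void)
{
    /* Constructed slot value, as if the unlink entry had been redirected. */
    printf("unlink slot: %d\n", check_slot(SYSTEM_MAP, "sys_unlink", 0xd0878060UL));
    return 0;
}
```

A result of 2 is the strongest signal, since a handler supplied by a loaded module lives outside the kernel's own text range.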