On 8/27/05, Yagnavarahan <yagnavarahan@xxxxxxxxx> wrote: > I'm only trying to hook onto syscalls now that 2.6 doesn't export the > syscall table. Modifying the syscall table, I believe was a very fragile > technique but with modifying the IDT, If proper synchronization is in place, > why would it fail? You can hook into the syscall table with a module too. Just get the syscall table address for your system from System.map and try modifying an obsolete call ID and replace it with your own syscall. Write a module that will take the sys_call_table address as a parameter and then use this value to export the sys_call_table variable (local to that module). Then use it as an 'extern' variable from another module that will use the sys_call_table variable to find out the location of an obsolete syscall and replace it with your own. here's a little pseudo-code: module1: ------------ unsigned long *sys_call_table; // need to export it [..] MODULE_PARM( syscalltable, "s" ); // setup by 'insmod' .. static int __init blah { unsigned long val; val = simple_strtoul( syscalltable, NULL, 16 ); sys_call_table = (unsigned long *)myval; //sanity checks here } .. //cleanup module here. /* module1 ends*/ module2 ---------- #define OBSOLETE_ID __NR_blah static unsigned long save_old_syscall; extern unsigned long *sys_call_table; ... static asmlinkage [return type] mysyscall ( arguments ){ //your new syscall here } static int __init blah2 { .. save_old_syscall = sys_call_table[ OBSOLETE_ID ]; sys_call_table[ OBSOLETE_ID ] = mysyscall; } //cleanup etc. /* module2 ends */ Once module1 and module2 are loaded (in that sequence), another program from userland can be written to use this syscall. I am not totally sure about repurcussions of modifying the IDT. Maybe someone else can enlighten. ./h -- Operating Systems and Computer Architecture Research - University of Cincinnati http://www.ececs.uc.edu/~mohapth -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/