Re: Want to dump information about the process when it exits (Linux Kernel 2.4)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Razvan,
   Thanks for the quick response. Intercepting exit or exit_group
will only work for programs calling exit() system call, all others
will escape. Moreover I need to also trap programs getting terminated
via signals.
If we look at the kernel code do_exit() is the only kernel function
that is called in each context (but I can't change the code :( )

Regards,
Dang

On 5/11/06, Adrian - Razvan Deaconescu <razvand@xxxxxxxxx> wrote:


On 5/11/06, Dang <linuxdang@xxxxxxxxx> wrote:
> Hi,
>    I have an requirement of logging program's name with time stamp on
> its exit. My preference would be to trap in kernel. Can't change
> source code, I have to achieve it using modules.
>
>
> --
>
> Regards,
> Dang


You could use a module to intercept the exit or exit_group system call (i'm
not very sure which one you should use).
You'll have to play with the system call table (sys_call_table) and replace
the entry for the above mentioned system calls with your own function; here
you would print your debug message (for logging) and you would call the
original system call function so that the net result would be the same (the
process terminates).

Razvan




--

Regards,
Dang

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/



[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux