Hi Razvan,

Thanks for the quick response.

Intercepting exit or exit_group will only work for programs calling the exit() system call; all others will escape. Moreover, I also need to trap programs getting terminated via signals.

If we look at the kernel code, do_exit() is the only kernel function that is called in each context (but I can't change the code :( )

Regards,
Dang

On 5/11/06, Adrian - Razvan Deaconescu <razvand@xxxxxxxxx> wrote:
On 5/11/06, Dang <linuxdang@xxxxxxxxx> wrote:
> Hi,
> I have a requirement of logging program's name with time stamp on
> its exit. My preference would be to trap in kernel. Can't change
> source code, I have to achieve it using modules.
>
>
> --
>
> Regards,
> Dang

You could use a module to intercept the exit or exit_group system call (I'm not very sure which one you should use). You'll have to play with the system call table (sys_call_table) and replace the entry for the above-mentioned system calls with your own function; here you would print your debug message (for logging) and you would call the original system call function so that the net result would be the same (the process terminates).

Razvan

--
Regards,
Dang

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/