On Sun, 2006-06-04 at 19:50 +0200, Fernando Apesteguía wrote: > Maybe it is not as simple. > > I asked for a technical question for a real problem replacing/inserting system calls is a real problem. Trust me, I don't underestimate the extend of that problem. These problems are the reason the system call table is not exported to modules, you simply cannot do it correctly. That's not just my opinion, but people far smarter than me (say Linus) also agree there. > I know that this can be used for malicious software (viruses, > trojans...) yup. > but it is not the case. I know for example, that the use of _syscall* > is not recommended.... well but what if I want to use it to learn more > about that? And it is widely known that the use of "goto" is not a > good programming practice and the linux kernel uses it (for > performance reasons, I think). > > I only want to play with that profilers and try to make my own one in > the same way (although maybe this is not the best approach). doing it by overriding system calls is the wrong way for sure. Oprofile doesn't need to do this for example; it really depends on how you want to profile and what you want to profile. If you only want to track system calls, the audit subsystem has the infrastructure for this already, all you'd need to do is write the layer on top to interpret the events. If you want to use performance counters.. why not build on top of the oprofile infrastructure ? I'm not saying "be oprofile", but oprofile is multiple layers, and I suspect you should be able to reuse the lower layers of it as is (or with really small changes) and still make a profiler that is both your own and does what you want... -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/