Avishay Traeger <atraeger <at> cs.sunysb.edu> writes:

> Does it need to be in the kernel? A couple user space options are:
> - use ptrace, but that has some limitations (you can only trace child
> processes).
> - use LD_PRELOAD
>
> To do it from the kernel, you can create a module that:
> - on loading, replaces the existing system call pointers to functions
> that collect the desired data and calls the original functions.
> - on unloading, restores the original system call pointers.

I will examine the LD_PRELOAD idea, seems like it could work.

Regarding the kernel module idea by replacing an existing function, doing some stuff and then restoring the original system call - is this a normal way of approaching it? Would it be considered ok?

Thanks.
Liran.
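The LD_PRELOAD option discussed above, as an added example that is not code from either poster: a shim that logs each unlink() call and forwards it to libc, next to a raw system call that the shim never sees. The thread does not say which calls are to be traced, so unlink() is an assumption, and the names trace_unlink.c, trace_unlink_count and raw_unlink are hypothetical.

```c
/* trace_unlink.c: build as a preload library (glibc before 2.34 needs -ldl):
 *   gcc -shared -fPIC -o trace_unlink.so trace_unlink.c
 *   LD_PRELOAD=./trace_unlink.so rm /tmp/constructed-example-file */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* exposes RTLD_NEXT in <dlfcn.h> */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef RTLD_NEXT               /* glibc's value, if _GNU_SOURCE came too late */
#define RTLD_NEXT ((void *)-1L)
#endif

static int (*real_unlink)(const char *);
static unsigned long traced_calls;

/* Number of unlink() calls the shim has seen (hypothetical helper). */
unsigned long trace_unlink_count(void) { return traced_calls; }

/* Same name and signature as libc's unlink(): the dynamic linker binds
 * callers to this definition first, and it forwards to the next one. */
int unlink(const char *path)
{
    if (!real_unlink)
        real_unlink = (int (*)(const char *))dlsym(RTLD_NEXT, "unlink");
    if (!real_unlink) {         /* no libc symbol found: report failure */
        errno = ENOSYS;
        return -1;
    }
    int ret = real_unlink(path);
    int saved = errno;          /* logging must not clobber the caller's errno */
    traced_calls++;
    fprintf(stderr, "[trace] pid=%d unlink(\"%s\") = %d\n",
            (int)getpid(), path, ret);
    errno = saved;
    return ret;
}

/* The same operation issued as a raw system call does not go through the
 * libc symbol, so the shim above does not record it. */
int raw_unlink(const char *path)
{
    return (int)syscall(SYS_unlinkat, AT_FDCWD, path, 0);
}
```

Statically linked programs never consult LD_PRELOAD, and the dynamic loader restricts it for setuid programs, so this approach suits debugging a cooperating process rather than complete auditing.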