On 2/25/07, Liran <liransgarage@xxxxxxxxx> wrote:
Avishay Traeger <atraeger <at> cs.sunysb.edu> writes: > Does it need to be in the kernel? A couple user space options are: > - use ptrace, but that has some limitations (you can only trace child > processes). > - use LD_PRELOAD > > To do it from the kernel, you can create a module that: > - on loading, replaces the existing system call pointers to functions > that collect the desired data and calls the original functions. > - on unloading, restores the original system call pointers. I will examine the LD_PRELOAD idea, seems like it could work. Regarding the kernel module idea by replacing an existing function, doing some stuff and then restoring the original system call - is this a normal way of approaching it? Would it be considered ok?
No. It is dirty and unsafe in SMP systems. If you want to do that use kprobes. Best Regards
Thanks. Liran. -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
-- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
