On Sun, 2007-02-25 at 14:32 +0100, Fernando Apesteguía wrote: > On 2/25/07, Liran <liransgarage@xxxxxxxxx> wrote: > > Avishay Traeger <atraeger <at> cs.sunysb.edu> writes: > > > > > Does it need to be in the kernel? A couple user space options are: > > > - use ptrace, but that has some limitations (you can only trace child > > > processes). > > > - use LD_PRELOAD > > > > > > To do it from the kernel, you can create a module that: > > > - on loading, replaces the existing system call pointers to functions > > > that collect the desired data and calls the original functions. > > > - on unloading, restores the original system call pointers. > > > > > > I will examine the LD_PRELOAD idea, seems like it could work. > > Regarding the kernel module idea by replacing an existing function, > > doing some stuff and then restoring the original system call - is > > this a normal way of approaching it? Would it be considered ok? > > No. It is dirty and unsafe in SMP systems. If you want to do that use kprobes. Yes, you are correct - kprobes would be a much better way to do it. Thanks, Avishay -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
