On 11/10/08, ashish mahamuni <ashitpro@xxxxxxxxxxx> wrote: > Hello All, > > I am trying to write a module which will log the user who deleted the file... > So, I am thinking of hooking the unlink system call... > Which is the best way to achieve this? > Is it possible in 2.6 kernel? You can use this ugly code to write a module (since syscall table is not exported to modules anymore): http://www.subversity.net/node/24 It works. I've used it, but I'm not sure about portability issues. It basically finds the address of the syscall table. Once you get it, you can hook your own function. You can have a look at old versions of Oprofile as well. > > Regards > Ashish > > > Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/ > > > -- > To unsubscribe from this list: send an email with > "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx > Please read the FAQ at http://kernelnewbies.org/FAQ > > -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
