Oh I forget - you can take (copy+paste maybe) location of all the calls from System.map file for your kernel - it is available with majority of distributions and at any custom compilations. You'll find howtos on the net. The code I mentioned in previous post follows IDT handler for int 0x80 to get the syscall table. I think its obsolete for compilations for Pentium 4 and above (syscall handling altered) - but you still get most distros compiled for i386. Don't I need to recompile the kernel to enable kbrobes ? Fun fact: from desctiption in Matthias post I understood that kprobes actually modifies the memory to enable hooks, but in x86 architectures you have debug registers available to set the traps in the very processor. -- Regards, Lech -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ