Re: System call hooking in 2.6 kernel..


 



On Mon, Nov 10, 2008 at 8:51 PM,  <lech@xxxxxxxxxxxxxxxx> wrote:
>
> Oh I forget - you can take (copy+paste maybe) location of all the calls
> from System.map file for your kernel - it is available with majority of
> distributions and at any custom compilations. You'll find howtos on the
> net.
>
> The code I mentioned in previous post follows IDT handler for int 0x80 to
> get the syscall table. I think it's obsolete for compilations for Pentium 4
> and above (syscall handling altered) - but you still get most distros
> compiled for i386.
>
> Don't I need to recompile the kernel to enable kprobes? Fun fact: from
> description in Matthias' post I understood that kprobes actually modifies
> the memory to enable hooks, but in x86 architectures you have debug
> registers available to set the traps in the very processor.
>
> --

There are only 4 debug registers available, whereas kprobes allows a
limitless (almost????) number of probe points.




-- 
Regards,
Peter Teoh
