On Mon, Nov 10, 2008 at 8:51 PM, <lech@xxxxxxxxxxxxxxxx> wrote: > > Oh I forget - you can take (copy+paste maybe) location of all the calls > from System.map file for your kernel - it is available with majority of > distributions and at any custom compilations. You'll find howtos on the > net. > > The code I mentioned in previous post follows IDT handler for int 0x80 to > get the syscall table. I think its obsolete for compilations for Pentium 4 > and above (syscall handling altered) - but you still get most distros > compiled for i386. > > Don't I need to recompile the kernel to enable kbrobes ? Fun fact: from > desctiption in Matthias post I understood that kprobes actually modifies > the memory to enable hooks, but in x86 architectures you have debug > registers available to set the traps in the very processor. > > -- there is only 4 debug registers available, whereas kprobe allow limitless (almost????) numbers of probe points. -- Regards, Peter Teoh -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
