Re: System call hooking in 2.6 kernel..

Hi All,

Thanks for your reply..
Peter, can you show me any module to set a breakpoint over 0x80 or SYSENTER? And ya, I'll definitely look for inotify.

Regards
Ashish


--- On Tue, 11/11/08, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote:

> From: Peter Teoh <htmldeveloper@xxxxxxxxx>
> Subject: Re: System call hooking in 2.6 kernel..
> To: lech@xxxxxxxxxxxxxxxx
> Cc: "Matthias Kaehlcke" <matthias@xxxxxxxxxxxx>, ashitpro@xxxxxxxxxxx, kernelnewbies@xxxxxxxxxxxx
> Date: Tuesday, 11 November, 2008, 4:56 AM
> On Tue, Nov 11, 2008 at 5:24 AM, <lech@xxxxxxxxxxxxxxxx> wrote:
> 
> >> there is only 4 debug registers available, whereas kprobe allow
> >> limitless (almost????) numbers of probe points.
> >
> > Well yes - but if you want to trace syscalls you can just set the trap for
> > the call gate.
> 
> yes, of course, since all syscall get executed via int 0x80, or
> SYSENTER, so setting breakpoint on these two points in the kernel can
> catch all syscall.
> 
> -- 
> Regards,
> Peter Teoh
> 
> --
> To unsubscribe from this list: send an email with
> "unsubscribe kernelnewbies" to
> ecartis@xxxxxxxxxxxx
> Please read the FAQ at http://kernelnewbies.org/FAQ

