<804dabb00811100626r1624e8b4hbc4480e15d52686a@xxxxxxxxxxxxxx> <20081110212406.AC4CD40E85D@xxxxxxxxxxxxxxxxx> <804dabb00811101526v8e29c52s2f15bfa9fac255da@xxxxxxxxxxxxxx> <2d51cbf80811110031jf3c0151i462cd673ac622e9e@xxxxxxxxxxxxxx> <20081111084810.GA3069@traven> <2d51cbf80811110059o79b3b1bax81a95dc09b686a15@xxxxxxxxxxxxxx> <20081111100430.GB3069@traven> <2d51cbf80811110226rc4d5c64r550cfb4bf1d57a4d@xxxxxxxxxxxxxx> <2d51cbf80811110227m5473569xfcfd094028b3c896@xxxxxxxxxxxxxx> <ff71fbf20811110958u14a0b575ibd49ed39d765f90a@xxxxxxxxxxxxxx> Message-ID: <564d2d7dc74b78285a7a1e255def1cbb@xxxxxxxxxxxxxxxxx> X-Sender: lech@xxxxxxxxxxxxxxxx Received: from chello089079223139.chello.pl [89.79.223.139] with HTTP/1.1 (POST); Wed, 12 Nov 2008 13:56:41 +0100 User-Agent: RoundCube Webmail/0.1 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit BTW: Myself I'm trying to hook execve syscall, but I have problems with it. What I need is after calling execve by user program just do a simple check of file name (by kernel - strstr) and then proceed to normal execution. Without debug registers. Any hints would be greatly appreciated. Or maybe someone would direct me to some up to date introductory material about kernel space / user space transition ? Big thanks, -- Regards, Lech -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ