There are numerous ways you can do, once you have root privilege.
But if you don't, it is probably impossible without some illegal way.
Actually, system call hooking itself is not very proper thing even for people with root,
but you can refer to many linux rootkit codes available in security sites.
Most of them use LKM(loadable kernel module)s to load their code,
and manipulate either syscall handler, the system call table, or other structures available in kernel.
You can even manipulate page tables and make the code section writable with your module.
Sangman
On Wed, Apr 7, 2010 at 8:43 AM, Elvis Y. Tamayo Moyares <etmoyares@xxxxxxxxxx> wrote:
hi list
I need to hook a system call in kernel 2.6,for kernel 2.6.30 or higher it is very dificulty. I have read in some places and tell me that in these versions the system call table is read only. Is there any way to hook a system call in kernel 2.6.30 or higher?
thanks in advance
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ