Hi...

On Thu, Apr 8, 2010 at 01:01, Elvis Y. Tamayo Moyares <etmoyares@xxxxxxxxxx> wrote:
> It's true. I managed to hook into the kernel 2.4 and 2.6 using LKM but how
> can I do it in 2.6.30 or higher, not let me change the syscall table
> references ...
> when I add the LKM to stdout I get 'Killed'.
> and when I try to remove the LKM tells me that is in use.
> In some sites say that around 2.6.30 the syscall table is readonly.
> I need to know if there is another way to make the syscall hook around
> 2.6.30

Please don't top post...

Another step you can try is by hooking directly to the syscall function itself. I mean, let's say you want to hook fork, then IIRC you can hook the do_fork(). You may use kprobe for this need (if you enable it in your current kernel). Or you may try to explore ftrace's function hook.

Have fun ....

--
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
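Added example, not part of the original message: a kprobe registered on do_fork(), as suggested in the reply above, shows up in the kernel's debugfs probe listing, and this script parses that listing to report armed probes on watched functions. The sample lines are constructed, following the layout given in the kernel's kprobes documentation; the debugfs mount point and the watched symbol set are assumptions.

```python
import re

# Constructed sample in the layout the kernel's kprobes documentation gives for
# <debugfs>/kprobes/list: address, type (k = kprobe, r = kretprobe),
# symbol+offset, optional module name, optional status flags in brackets.
SAMPLE = """\
ffffffff8105a2c0  k  do_fork+0x0    [FTRACE]
ffffffff811b3f10  r  vfs_read+0x0    [DISABLED]
ffffffffa0214000  k  demo_func+0x4  demo_mod
"""

LINE = re.compile(r"^([0-9a-fA-F]+)\s+([kr])\s+([^\s+]+)\+(0x[0-9a-fA-F]+)(.*)$")

def parse_kprobes(text):
    """Return one dict per registered probe; unparsable lines are skipped."""
    probes = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        addr, kind, symbol, offset, rest = m.groups()
        tokens = rest.split()
        probes.append({
            "address": int(addr, 16),
            "type": "kretprobe" if kind == "r" else "kprobe",
            "symbol": symbol,
            "offset": int(offset, 16),
            "module": next((t for t in tokens if not t.startswith("[")), None),
            "flags": [t.strip("[]") for t in tokens if t.startswith("[")],
        })
    return probes

def active_probes_on(probes, watched):
    """Probes on watched symbols that are armed (not DISABLED or GONE)."""
    inactive = {"DISABLED", "GONE"}
    return [p for p in probes
            if p["symbol"] in watched and not inactive & set(p["flags"])]

if __name__ == "__main__":
    path = "/sys/kernel/debug/kprobes/list"  # assumed mount point; needs root
    try:
        with open(path) as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    for p in active_probes_on(parse_kprobes(text), {"do_fork"}):
        print(f'{p["type"]} on {p["symbol"]}+{p["offset"]:#x} '
              f'module={p["module"]} flags={p["flags"]}')
```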