Hello Rahul I hope you don't mind if I cc: my reply to kernelnewbies as well... On Sat, Apr 24, 2010 at 19:08, rahul patil <rahul.deshmukhpatil@xxxxxxxxx> wrote: > I want to hook a system call (open and unlink ) in linux. > like i want to add code which will print file name and its path when it is > created or deleted. > > I think that i can do this by changing source code for open and unlink > system call. > is there any other method to do this by which i can hook system > call.basically i want to write wrapper routine for > open and unlink system call You mean you want to do it as system wide hook? If it is for certain directories, I think you can use dnotify/inotify. But let's say you want to really hook the syscall. Try to study about kprobes or ftrace. The prerequisite is these features must be enabled first in your kernel. Please kindly study them first, then come back to discuss further issues you might face. Make sure you ask to kernelnewbies first. This doesn't mean I don't want to receive your e-mail. I just want to state that I don't know everything, while if you ask in the mailing list, you have bigger chance to get answer. -- regards, Mulyadi Santosa Freelance Linux trainer and consultant blog: the-hydra.blogspot.com training: mulyaditraining.blogspot.com -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
