On 02/10/2010 19.12, Masami Ichikawa wrote:
> on 10/02/2010 02:57 PM, mohit verma wrote:
>> system call address : system call table address
> You can see these addresses in /proc/kallsyms
Not any more: sys_call_table is no longer exported in recent kernels
(at least 2.6). That is to prevent malicious code from overloading
system calls. You can grep for sys_call_table in System.map (if you
don't need dynamic dereference).
Otherwise the only way I can suggest is something like this, but I'm not
sure it works:
    unsigned long ptr;
    for (ptr = (unsigned long) <start of kernel>;
         ptr < (unsigned long) <end of kernel>;
         ptr += sizeof(void *)) {
        unsigned long *p;
        p = (unsigned long *) ptr;
        if (p[__NR_close] == (unsigned long) sys_close) {
            sct = (unsigned long **) p; // sys_call_table
            break;
        }
    }
Use it at your own risk ;-)
Regards
Luca Ellero
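
Added example (not part of the original message or of the kernel tree): a shell sketch of the System.map lookup mentioned above, which also reports whether a symbol is exported to modules. The sample map and its addresses are constructed, the function names are hypothetical, and the check assumes the build emits a __ksymtab_<name> entry for each EXPORT_SYMBOL.

```shell
#!/bin/sh
# Constructed System.map excerpt; addresses are made up for illustration.
# Line format: <hex address> <type letter> <symbol name>
SAMPLE_MAP='c0100000 T _stext
c0101230 T sys_close
c0101500 T printk
c0300000 R sys_call_table
c0320000 r __ksymtab_printk'

# Print "<address> <type>" for an exact symbol name; return 1 if absent.
map_lookup() {  # $1 = symbol, map text on stdin
    awk -v sym="$1" '
        $3 == sym { print $1, $2; found = 1; exit }
        END       { exit !found }'
}

# Assumption: an exported symbol has a companion __ksymtab_<name> entry,
# so a missing entry means modules cannot link against the symbol.
map_is_exported() {  # $1 = symbol, map text on stdin
    awk -v sym="__ksymtab_$1" '
        $3 == sym { found = 1; exit }
        END       { exit !found }'
}

# Report address, type letter and export status for one symbol.
describe_symbol() {  # $1 = symbol, $2 = map text
    entry=$(printf '%s\n' "$2" | map_lookup "$1") || {
        echo "$1: not in map"
        return 1
    }
    if printf '%s\n' "$2" | map_is_exported "$1"; then
        echo "$1: $entry exported"
    else
        echo "$1: $entry not-exported"
    fi
}

describe_symbol sys_call_table "$SAMPLE_MAP"
describe_symbol printk "$SAMPLE_MAP"
# Against a real map file (the path varies by distribution):
#   describe_symbol sys_call_table "$(cat /boot/System.map-"$(uname -r)")"
```

The address in System.map is fixed at build time, which is why it only helps when no dynamic lookup is needed.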