> Untidy way : -
> Yes, you can do that by registering a new binary format handler. Whenever
> exec is called, a list of registered binary format handlers is scanned, in
> the same way you can hook the load_binary & load_library function pointers
> of the already registered binary format handlers.

The challenge with this untidy way is to identify the correct format. For example, if you are interested in only hooking the ELF format, there is no special signature within the registered format handler to identify that. However, if one format handler recognizes the file header, its load_binary will return 0. This can give you the hint that you are sitting on top of the correct file format.

A long time back I had written a similar module in Linux to do the same, but can't share the code :)

-Rajat

On Thu, Sep 22, 2011 at 3:14 PM, rohan puri <rohan.puri15@xxxxxxxxx> wrote:
>
>
> On Thu, Sep 22, 2011 at 1:53 PM, Abhijit Pawar <apawar.linux@xxxxxxxxx>
> wrote:
>>
>> Hi list,
>> Is there any way to hook the exec system call on a Linux box apart from
>> replacing the call in the System Call table?
>>
>> Regards,
>> Abhijit Pawar
>>
>> _______________________________________________
>> Kernelnewbies mailing list
>> Kernelnewbies@xxxxxxxxxxxxxxxxx
>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>
> Tidy way : -
>
> You can do that from LSM (Linux security module).
>
> Untidy way : -
> Yes, you can do that by registering a new binary format handler. Whenever
> exec is called, a list of registered binary format handlers is scanned, in
> the same way you can hook the load_binary & load_library function pointers
> of the already registered binary format handlers.
>
> Regards,
> Rohan Puri
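
As an added illustration that is not part of any message in this thread: a userspace C model of the handler scan the replies describe, where a handler that returns -ENOEXEC passes the file on to the next one and the handler that returns 0 is the one that recognised the format. Every name here (`model_exec`, `observer_fmt`, `setup`, the sample headers) is constructed for the model; this is not kernel code.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct bprm { const char *filename; unsigned char buf[16]; }; /* stand-in for linux_binprm */
struct binfmt {
    const char *name;
    int (*load_binary)(struct bprm *);
    struct binfmt *next;
};

static struct binfmt *formats;   /* registered handlers, scanned head first */
static const char *claimed_by;   /* handler that recognised the last file */
static int observed;             /* number of execs the observer has seen */

static int load_elf(struct bprm *b)    { return memcmp(b->buf, "\177ELF", 4) ? -ENOEXEC : 0; }
static int load_script(struct bprm *b) { return memcmp(b->buf, "#!", 2) ? -ENOEXEC : 0; }
/* Observer: sees the exec, then declines so the real handlers still run. */
static int load_observer(struct bprm *b) { (void)b; observed++; return -ENOEXEC; }

static struct binfmt elf_fmt      = { "elf", load_elf, NULL };
static struct binfmt script_fmt   = { "script", load_script, NULL };
static struct binfmt observer_fmt = { "observer", load_observer, NULL };

static void insert_front(struct binfmt *f) { f->next = formats; formats = f; }

void setup(void) {
    formats = NULL; observed = 0;
    insert_front(&script_fmt);
    insert_front(&elf_fmt);
    insert_front(&observer_fmt);  /* head of list: consulted on every exec */
}

/* The scan: -ENOEXEC means "not my format, try the next handler". */
int model_exec(const char *filename, const void *header, size_t len) {
    struct bprm b = { filename, {0} };
    memcpy(b.buf, header, len < sizeof b.buf ? len : sizeof b.buf);
    claimed_by = NULL;
    for (struct binfmt *f = formats; f; f = f->next) {
        int ret = f->load_binary(&b);
        if (ret != -ENOEXEC) { claimed_by = f->name; return ret; }
    }
    return -ENOEXEC;
}

const char *last_claimed_by(void) { return claimed_by; }
int observed_count(void) { return observed; }

int main(void) {
    setup();
    int ret = model_exec("/bin/ls", "\177ELF\2\1\1", 7); /* constructed header */
    printf("ret=%d handler=%s observed=%d\n", ret, claimed_by, observed);
    return 0;
}
```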