On Wed, Nov 23, 2011 at 12:10 PM, Daniel Baluta <daniel.baluta@xxxxxxxxx> wrote:
> On Wed, Nov 23, 2011 at 11:22 AM, Alexandru Juncu <alex.juncu@xxxxxxxxxx> wrote:
>> On Wed, Nov 23, 2011 at 10:40 AM, Geraint Yang <geraint0923@xxxxxxxxx> wrote:
>>> Hello everyone,
>>>
>>> I am going to hook a system call like 'read' or 'send' by modifying the
>>> sys_call_table, but it seems that the sys_call_table is in a read-only page,
>>> how can I modify the sys_call_table? Or is there any method that I can
>>> use to hook a system call in a module without modifying the kernel source?
>>>
>>> Thanks!
>>
>> On a 2.6.35 kernel, it worked for me just by changing an entry in the
>> sys_call_table, within a kernel module. Something like this:
>
> Alex,
> I am pretty sure that you are using a hacked version of 2.6.35.
>
> Geraint,
> In order to be able to hook a syscall you must do the following:
>
> 1. export syscall_table in arch/x86/kernel/i386_ksyms_32.c
>
> extern void* sys_call_table[];
> EXPORT_SYMBOL(sys_call_table);
>
> 2. make sys_call_table writable. In arch/x86/kernel/entry_32.S
> you must have:
>
> .section .data,"a"
> #include "syscall_table_32.S"
>
> thanks,
> Daniel.
>

Ah, Daniel is right... I forgot about that part...
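
Added example, not part of the thread or of any kernel source: a small audit script that reads a System.map (or nm / /proc/kallsyms) listing and reports whether a kernel build carries the two changes Daniel describes, i.e. sys_call_table exported to modules and placed in a writable data section. The function name, the sample listings and their addresses are constructed; it assumes the usual nm type letters (R = read-only data, D/B = writable data) and that EXPORT_SYMBOL leaves a `__ksymtab_<name>` symbol in the map.

```python
import re

# Constructed System.map excerpts (addresses are made up for illustration).
STOCK_MAP = """\
c1003000 T sys_read
c1500000 R sys_call_table
c1600000 D jiffies
"""
PATCHED_MAP = """\
c1003000 T sys_read
c1600000 D sys_call_table
c1700000 r __ksymtab_sys_call_table
c1700100 r __kstrtab_sys_call_table
"""

# "<hex address> <type letter> <symbol name>", optionally followed by "[module]"
LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)")

def audit_symbol(map_text, symbol="sys_call_table"):
    """Return a list of findings about how `symbol` is placed in the listing."""
    sym_type = None
    exported = False
    for line in map_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank or malformed lines
        _, typ, name = m.groups()
        if name == symbol:
            sym_type = typ
        elif name == "__ksymtab_" + symbol:
            exported = True  # EXPORT_SYMBOL() was applied to the symbol
    findings = []
    if sym_type is None:
        findings.append("symbol not found")
    elif sym_type.upper() in ("D", "B"):
        findings.append("in writable data section (type %s)" % sym_type)
    if exported:
        findings.append("exported to modules (__ksymtab entry present)")
    return findings

if __name__ == "__main__":
    for label, text in (("stock", STOCK_MAP), ("patched", PATCHED_MAP)):
        print(label, audit_symbol(text) or ["no findings"])
```

Run against the System.map shipped with a kernel package, any finding means the build differs from a stock layout in the way described in the thread.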