Re: Hooking a system call.

On Mon, Mar 26, 2012 at 10:14 AM, V.Ravikumar
<ravikumar.vallabhu@xxxxxxxxx> wrote:
>
>
> On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx>
> wrote:
>>
>> Hi...
>>
>> On Mon, Mar 26, 2012 at 11:45, V.Ravikumar <ravikumar.vallabhu@xxxxxxxxx>
>> wrote:
>> > For auditing purposes I need to intercept/hook the open/read/write
>> > system calls.
>> >
>> > As I lack knowledge of kernel development, could somebody help me
>> > out here?
>> > I'm working on RHEL-5 machine with Linux kernel version 2.6.18
>> > Thanks & Regards,
>> > Ravi
>>
>> IMHO you'd better use SystemTap, which is based on Kprobes. It can be
>> used to hook into almost every part of the kernel system, with very
>> little overhead.
>>
> OK, I'll also look into SystemTap.
>
> But in my sample module's example code for intercepting a system call, how
> can I make the system_call_table address writable so that one can change it
> to a customized system call?
>
> Thanks & Regards,
> Ravi
>

Updating the system_call_table is racy; that is why it is not writable.
You should really use kprobes or systemtap for that.

Regards,

-- 
Javier Martínez Canillas
(+34) 682 39 81 69
Barcelona, Spain

_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
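
The SystemTap route recommended in the replies above, as an added example that is not part of the original thread: it audits open/read/write through the syscall tapset probes rather than by modifying the system call table. It assumes SystemTap and the matching kernel debuginfo are installed; `target_uid` and its value 1000 are constructed for illustration.

```systemtap
#!/usr/bin/stap
# Added example (not from the thread): audit open/read/write with the
# SystemTap syscall tapset instead of patching the system call table.
# target_uid is a constructed sample value; set it to the audited account.

global target_uid = 1000
global bytes    # bytes requested, keyed by [process name, syscall name]

# Log every open() by the audited user with its decoded arguments.
probe syscall.open {
  if (uid() != target_uid) next
  printf("%d %s[%d] uid=%d open(%s)\n",
         gettimeofday_s(), execname(), pid(), uid(), argstr)
}

# read()/write() are too frequent to log one by one, so aggregate them.
# "name" and "count" are variables provided by the syscall tapset.
probe syscall.read, syscall.write {
  if (uid() != target_uid) next
  bytes[execname(), name] <<< count
}

# Print the per-process summary when the script is stopped.
probe end {
  foreach ([proc, call] in bytes)
    printf("%s %s calls=%d bytes_requested=%d\n",
           proc, call, @count(bytes[proc, call]), @sum(bytes[proc, call]))
}
```

Run it as root with `stap` and stop it with Ctrl-C to trigger the summary from the `end` probe.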


