Hello hackers... Simple example (from kld module):
sysent[SYS_chmod].sy_call = myfunction;
sysent[SYS_open].sy_call = myfunction;
sysent[SYS_execve].sy_call = myfunction;
int
myfunction(register struct proc *p, register void *uap)
{
int syscallno;
syscallno = ?
return (0);
}
How to get syscall number inside myfunction()?
I've always use method used in spy from Andrzej Bialecki:
syscallno = p->p_md.md_regs->tf_eax;
for i386 arch.
But when I catch many syscalls I got false numbers.
Hmm, not false numbers, one false numer: SYS___syscall (and I don't catch it).
So is there some diffrent way to get syscall number (in -STABLE
or in -CURRENT)? Anyone?
--
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
msg38792/pgp00000.pgp
Description: PGP signature
