On Fri, Dec 20, 2002 at 07:43:37PM +0100, Pawel Jakub Dawidek wrote:
+> Simple example (from kld module):
+>
+> 	sysent[SYS_chmod].sy_call = myfunction;
+> 	sysent[SYS_open].sy_call = myfunction;
+> 	sysent[SYS_execve].sy_call = myfunction;
+>
+> 	int
+> 	myfunction(register struct proc *p, register void *uap)
+> 	{
+> 		int syscallno;
+>
+> 		syscallno = ?
+>
+> 		return (0);
+> 	}
+>
+> How to get syscall number inside myfunction()?
+>
+> I've always used the method used in spy from Andrzej Bialecki:
+>
+> 	syscallno = p->p_md.md_regs->tf_eax;
+>
+> for i386 arch.
+> But when I catch many syscalls I got false numbers.
+> Hmm, not false numbers, one false number: SYS___syscall (and I don't catch it).

Ok, I've found a solution (ripped from trap.c, ehh).

	int
	myfunction(register struct proc *p, register void *uap)
	{
		int scno;
		caddr_t params;

		scno = p->p_md.md_regs->tf_eax;
		params = (caddr_t)p->p_md.md_regs->tf_esp + sizeof(int);
		if (scno == SYS_syscall) {
			scno = fuword(params);
			params += sizeof(int);
		} else if (scno == SYS___syscall) {
			scno = fuword(params);
			params += sizeof(quad_t);
		}

		/* Now we got correct syscall number in 'scno'. */
		[...]

		return (0);
	}

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
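
The lookup from the reply above as a userland C model, added here as an example and not code from the original post. `struct ustack`, `fetch_word` (a stand-in for `fuword`), `resolve_scno` and the stack frame are constructed for illustration; unlike the posted snippet, it reports an unreadable stack word instead of using it as a syscall number.

```c
/* Userland model of the lookup above; illustrative, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SYS_syscall	0	/* FreeBSD <sys/syscall.h> */
#define SYS_open	5
#define SYS___syscall	198

/* Hypothetical stand-in for the user stack: len bytes mapped at base. */
struct ustack { uint32_t base; const uint8_t *mem; uint32_t len; };

/* Stand-in for fuword(): 0 on success, -1 if addr is outside the stack. */
static int fetch_word(const struct ustack *s, uint32_t addr, uint32_t *out)
{
	if (s->len < sizeof(*out) || addr < s->base ||
	    addr - s->base > s->len - sizeof(*out))
		return (-1);
	memcpy(out, s->mem + (addr - s->base), sizeof(*out));
	return (0);
}

/* Real syscall number, or -1 if the indirect number cannot be read. */
static int resolve_scno(uint32_t eax, uint32_t esp, const struct ustack *s,
    uint32_t *argsp)
{
	uint32_t params = esp + sizeof(uint32_t);	/* skip return address */
	uint32_t scno = eax;

	if (eax == SYS_syscall || eax == SYS___syscall) {
		if (fetch_word(s, params, &scno) != 0)
			return (-1);
		/* syscall(2) passes an int, __syscall(2) a quad_t */
		params += (eax == SYS_syscall) ? sizeof(int32_t) : sizeof(int64_t);
	}
	*argsp = params;	/* first real argument of the resolved call */
	return ((int)scno);
}

/* Constructed frame: return address, number as quad_t (low word first), args. */
static const uint32_t frame[] = { 0x08048123, SYS_open, 0, 0xbfbff000, 0 };
static const struct ustack demo = { 0xbfbfe000, (const uint8_t *)frame, sizeof(frame) };
static uint32_t demo_args;

int main(void)
{
	printf("%d\n", resolve_scno(SYS___syscall, demo.base, &demo, &demo_args));
	return (0);
}
```

In a real handler the resolved number would also need a range check before it is used as an index into any per-syscall table.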