* Tzahi Fadida <[EMAIL PROTECTED]> [070221 15:21]: > On Wednesday 21 February 2007 08:19, Baruch Even wrote: > > * Tzahi Fadida <[EMAIL PROTECTED]> [070221 02:38]: > > I'm not aware of a way to do what you ask (redirect the function to you > > and be able to call it), you can however look at kprobe which is part of > > the kernel. kprobe allows you to stick trap points into the kernel and > > be called at that point, I don't remember the exact name but they have a > > method to stick the probe at the end of the function (and also at the > > beginning or arbitrary location). > > > > I've used this method to trace methods and it's fairly expensive since > > it uses int3 trap points to do its work but if performance is not > > critical for you it should be fine. > > kprobe is what i was looking for. Actually, jprobe so i cal also view the > function parameters i am attaching to. The problem is that kprobe does not > appear on the uml(user mode linux) list in menuconfig which probably means it > is not supported there. -> i need to compile a real kernel or use vmware or > something like that. I prefer to continue to use uml. > Let's say i do wish to change the kernel code. How do i add a code that will > refer to my module once it is loaded? I.e. i wish to add a stub in that > function in the kernel that will call a function in my module if it is up.
The way to do it is hard and fraught with peril, it will require assembly programming which I'm not sure I'll be able to do myself, but can try to pass the idea. What you need is to put a trampoline of sorts at the start of the function, this is similar to what kprobe does, the difference would be that kprobe places an int3 and you'll need to place a direct call to your replacing method. At the end of your function you need to call the original method, either bby temporarily restoring the original location or by copying it to another place and running it there. I think it will be easier to run under qemu/kvm than do this. Baruch ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
