>Hi,
>
>I don't remember how to extract the syscall list from the kernel. There
>was an article some time ago about this, and checking the syscall address
>to make sure it was not changed in the kernel. Could anyone point me to
>this article? I've tried to google around but didn't find it.
>
>Best
Syscalls are talked about in section 2.7
Forensic Analysis of a Live Linux System, Part Two
http://www.securityfocus.com/infocus/1773
This article is more in depth on this point; it's by the same author.
Detecting Kernel-level Compromises With gdb
http://www.securityfocus.com/infocus/