Pawel Jakub Dawidek wrote:
> But I may catch even _all_ system call, so making separate functions
> for every syscall isn't good idea (if I understand You well).
The place to deal with that is to replace the exec loader so you
can manage the trap code yourself, instead of replacing system
call ent
On Sat, Dec 21, 2002 at 10:32:06AM -0800, Terry Lambert wrote:
+> > +> This is actually a bad way to do things.
+> > +>
+> > +> There is a system call loadable module type, and you should
+> > +> use that instead of directly accessing the system call entry
+> > +> table and stomping on values witho
Pawel Jakub Dawidek wrote:
> On Sat, Dec 21, 2002 at 09:45:54AM -0800, Terry Lambert wrote:
> +> This is actually a bad way to do things.
> +>
> +> There is a system call loadable module type, and you should
> +> use that instead of directly accessing the system call entry
> +> table and stomping o
On Sat, Dec 21, 2002 at 09:45:54AM -0800, Terry Lambert wrote:
+> This is actually a bad way to do things.
+>
+> There is a system call loadable module type, and you should
+> use that instead of directly accessing the system call entry
+> table and stomping on values without asserting appropriate
Pawel Jakub Dawidek wrote:
> On Fri, Dec 20, 2002 at 07:43:37PM +0100, Pawel Jakub Dawidek wrote:
> +> Simple example (from kld module):
> +>
> +> sysent[SYS_chmod].sy_call = myfunction;
> +> sysent[SYS_open].sy_call = myfunction;
> +> sysent[SYS_execve].sy_call = myfunction;
[ ... ]
> Ok, I've fou
struct proc *p, register void *uap)
+> {
+> int syscallno;
+>
+> syscallno = ?
+>
+> return (0);
+> }
+>
+> How to get syscall number inside myfunction()?
+>
+> I've always use method used in spy from Andrzej Bialecki:
+>
+> sysc
(0);
}
How to get syscall number inside myfunction()?
I've always use method used in spy from Andrzej Bialecki:
syscallno = p->p_md.md_regs->tf_eax;
for i386 arch.
But when I catch many syscalls I got false numbers.
Hmm, not false numbers, one false numer: SYS___syscall (
7 matches
Mail list logo
