Abel Muñoz Alcaraz wrote:
> I have replaced the execve() kernel [syscall]
> with my own implementation but it doesn't work well.
In Linux, hooking into sys_call_table[] is a pretty painful way
to interpose on system calls. Unfortunately, there's no other
way to do it (in Linux) that I know of.
John Levon wrote:
>
> On Wed, 4 Oct 2000, [iso-8859-1] Abel Muñoz Alcaraz wrote:
>
> > I need that somebody says to my module when a user application has started
> > or finished, and what is its name and pid.
> >
> you do not need to trace system calls then. Provide a misc char device,
> and get
d cleanup_module()
> {
> if (sys_call_table[__NR_execve] != my_execve)
> {
> printk(KERN_INFO "\nThe system has been left in a unpredictable
> state.\nPlease, reboot it.\n");
> }
>
> sys_call_table[__NR_exit] = system_exit;
>
On Wed, 4 Oct 2000, Brian Gerst wrote:
> John Levon wrote:
> > anyway, you can just put refcounts in your hijacked system calls; that is
> > the safe way to do it, and doesn't require any kernel patches, just extra
> > cost in the intercepted system calls.
> >
> > e.g. :
> >
> > my_syswhatever(
On Wed, 4 Oct 2000, [iso-8859-1] Abel Muñoz Alcaraz wrote:
> I need that somebody says to my module when a user application has started
> or finished, and what is its name and pid.
>
you do not need to trace system calls then. Provide a misc char device,
and get the user app to open it. Then yo
John Levon wrote:
> anyway, you can just put refcounts in your hijacked system calls; that is
> the safe way to do it, and doesn't require any kernel patches, just extra
> cost in the intercepted system calls.
>
> e.g. :
>
> my_syswhatever(...)
> {
> MOD_INC_USE_COUNT;
> original
exit] = system_exit;
sys_call_table[__NR_kill] = system_kill;
sys_call_table[__NR_execve] = system_execve;
}
If you know a better way, please tell me.
-Abel.
-Original Message-
From: John Levon [mailto:[EMAIL PROTECTED]]
Sent: miércoles, 04 de octubre de 2000 16:21
To: Abel Muñoz Alc
On Wed, 4 Oct 2000, Brian Gerst wrote:
> Even your overloader has a small module unload race. The only 100%
> race-free way is to put module usage counting into the core kernel, like
> the VFS changes with ->open that were done in 2.3.x. This would mean
> added overhead for all syscalls, so man
John Levon wrote:
>
> On Wed, 4 Oct 2000, Brian Gerst wrote:
>
> > "it doesn't work well" is a bit vague...
> >
> > I am guessing that you are getting an unresolved symbol. Modifying the
> > system call table is not and probably never will be available for
> > modules. The syscall table is ver
On Wed, 4 Oct 2000, Brian Gerst wrote:
> "it doesn't work well" is a bit vague...
>
> I am guessing that you are getting an unresolved symbol. Modifying the
> system call table is not and probably never will be available for
> modules. The syscall table is very architecture dependent, and is n
On Wed, 4 Oct 2000, [iso-8859-1] Abel Muñoz Alcaraz wrote:
> Hi everybody,
>
> I have replaced the execve() kernel API with my own implementation but it
> doesn't work well.
>
> extern void * sys_call_table[]
>
> asmlinkage int (*system_execve)(const char *, c
Abel Muñoz Alcaraz wrote:
>
> Hi everybody,
>
> I have replaced the execve() kernel API with my own implementation but it
> doesn't work well.
"it doesn't work well" is a bit vague...
I am guessing that you are getting an unresolved symbol. Modifying the
system call table is not and p