LinuxQuestions.org
10-27-2004, 03:46 AM   #1
qqrilxk
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Rep: Reputation: 0
How to intercept all the system calls


Now I want to intercept all the system calls (in Linux 2.4 or above), and I want to implement it in LSM. Maybe I can modify the pointers of the sys_call_table to implement it, but it is not the best solution, I think. I mean I can mediate all the system calls and get all information about them before they actually occur. I know little about the LSM hook functions. Thanks.
 
10-27-2004, 06:59 AM   #2
anacOndazz
LQ Newbie
 
Registered: Oct 2004
Location: Europe
Distribution: Knoppix
Posts: 18

Rep: Reputation: 0
System calls

Hya there,


This could give you a hint.


http://uberhip.com/godber/intercepti.../slide_13.html

Have phun,
 
10-27-2004, 10:06 AM   #3
qqrilxk
LQ Newbie
 
Registered: Oct 2004
Posts: 13

Original Poster
Rep: Reputation: 0
Thanks, but...

First, I thank anacOndazz very much for your reply, but I think I have not expressed my idea clearly. Indeed, that is a good idea to implement it. But I need a unique entry to intercept all the system calls, not one by one like that. I mean to intercept it just before really entering a system call (just before the occurrence of sys_*). To say it in detail in code (entry.S):
ENTRY(system_call)
pushl %eax                      # save orig_eax
SAVE_ALL
GET_CURRENT(%ebx)
cmpl $(NR_syscalls),%eax        # reject out-of-range syscall numbers
jae badsys
testb $0x02,tsk_ptrace(%ebx)    # is the task being syscall-traced?
jne tracesys

(I wish I could intercept it and pause it at this point; it seems to create difficulty for you)
call *SYMBOL_NAME(sys_call_table)(,%eax,4)
movl %eax,EAX(%esp)             # save the return value
ENTRY(ret_from_sys_call)

In a word, I want to pause a system call just after it has saved all the information about the system call in registers, and before the occurrence of "call *SYMBOL_NAME(sys_call_table)(,%eax,4)", but I do not want to recompile the kernel. (It is impossible, it seems.)
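
In the entry.S excerpt quoted above, the `jne tracesys` branch is a single stop point that sits before the `call *sys_call_table` dispatch, and `ptrace(PTRACE_SYSCALL)` is the user-space interface that activates it without rebuilding the kernel. The following is an added example, not code from any poster in this thread; it assumes Linux on x86_64 (the `orig_rax` register), and the function name and the traced child are constructed for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Trace a constructed child and record the syscall number at every entry
 * stop. Returns the count, or -1 when ptrace is unavailable (non-x86_64
 * build, or a sandbox that denies ptrace). */
long trace_child_syscalls(long *nrs, long max)
{
    long n = 0;
#if defined(__linux__) && defined(__x86_64__)
    int status, entering = 1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(127);
        raise(SIGSTOP);                    /* stop until the tracer resumes us */
        (void)getppid();                   /* constructed workload: one known syscall */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    while (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) == 0 &&
           waitpid(pid, &status, 0) > 0 && WIFSTOPPED(status)) {
        if (WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;  /* not a syscall stop */
        if (entering && n < max) {         /* stopped before the handler is called */
            struct user_regs_struct regs;
            if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) == 0)
                nrs[n++] = (long)regs.orig_rax;
        }
        entering = !entering;              /* the next stop is the matching exit */
    }
#else
    (void)nrs; (void)max;
#endif
    return n > 0 ? n : -1;
}

int main(void)
{
    long nrs[64], n = trace_child_syscalls(nrs, 64);
    for (long i = 0; i < n; i++) printf("syscall entry: nr=%ld\n", nrs[i]);
    return n < 0;
}
```

At each entry stop the tracer holds the child with its registers saved and the handler not yet called, so it can inspect the arguments and decide whether to let the call proceed.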
 
  


All times are GMT -5.