LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-24-2011, 03:17 AM   #1
SamZ87
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Rep: Reputation: 0
Question Hook system calls at kernel space upon installation of any application


Hi,

I am new to Linux. I want to hook and log all system calls or kernel APIs when any application is installed.

I am using Ubuntu Linux.

Please point me to the right direction and startup thing that helpful in getting the solution. I am stuck dreadfully.


Thanks in advance.
 
Old 02-26-2011, 02:53 AM   #2
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,397
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
Does strace do what you need?
--- rod
 
Old 02-26-2011, 03:56 AM   #3
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 15,961

Rep: Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211Reputation: 2211
Have a look here for some options. It's a little old, but the author is a well known kernel developer.
I've found systemtap of use on occasions.
 
Old 03-01-2011, 02:13 AM   #4
SamZ87
LQ Newbie
 
Registered: Feb 2011
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks Rod but unfortunately, strace didn't solve my problem. I am looking for something in which each system call to kernel is routed through my code. For example, when any application calls kernel API, my code will make a call to that particular API instead of direct calling.

Do you have any options, that would be really helpful?

--Sam
 
Old 03-01-2011, 12:14 PM   #5
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,397
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
If you are going to do what you suggest, it cannot happen in userspace; you will have to do what you are trying to do with a kernel module. What is the end objective for this idea? Perhaps you can accomplish it in another way. What you are suggesting subverts much of the standard security model of Linux.

--- rod.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how does java calls the system calls which are written in c babu198649 Linux - General 3 12-05-2011 04:40 AM
LXer: Learn how to invoke Linux kernel function system calls LXer Syndicated Linux News 0 04-07-2010 10:10 PM
notify user space application from the kernel space lordofring Linux - Software 2 06-22-2009 01:32 PM
On executing system calls,does control jumps to kernel... Felicia23 Linux - Newbie 3 01-08-2009 04:15 PM
Adding system calls to the kernel yakul Programming 1 11-19-2005 10:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration