If you have a separate program, then you are going to have to somehow forward requests from kernel space to user space, EVERY TIME A SYSTEM CALL IS MADE. I think that is a slowdown you might notice. I just realized that the link I gave you isn't exactly what you need... you said you wanted to screen ALL system calls? In that case, if you used the above method I posted, you'd have to hijack all 250+ individually, which prolly isn't what you want. I think, and I'm speculating here, that you could instead replace the interrupt vector 0x80 and screen calls from there instead. Makes more sense that way, but I've never tried hacking up the interrupt vectors yet.