LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 08-12-2004, 02:59 PM   #1
djgerbavore
Member
 
Registered: Jun 2004
Location: PA
Distribution: Fedora (latest git kernel)
Posts: 458

Rep: Reputation: 30
over riding system calls


if i want to over ride a system call do i have to apply a patch to the kernel to export the sys_call_table[] and recompile it?
 
Old 08-18-2004, 10:49 AM   #3
djgerbavore
Member
 
Registered: Jun 2004
Location: PA
Distribution: Fedora (latest git kernel)
Posts: 458

Original Poster
Rep: Reputation: 30
http://www.u-e-b-i.com/silvio/kernel-hijack.txt

on this website, the code that they give, if i want this to work do i need to recompile the whole kernel? or can i just patch this into the kernel as a modules or something?

Thanks for the articles, this is exactly what i am looking for
 
Old 08-18-2004, 02:01 PM   #4
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
no you don't need to patch anything. you write a module. did you read the article? it spells things out pretty clearly. if you don't already know how to write LKM's you don't have any business doing evil things like that. i'd consider reading at least the first half of this book first:
http://www.xml.com/ldd/chapter/book/
 
Old 08-18-2004, 03:36 PM   #5
djgerbavore
Member
 
Registered: Jun 2004
Location: PA
Distribution: Fedora (latest git kernel)
Posts: 458

Original Poster
Rep: Reputation: 30
i'm not doing anything evil,

i was just alittle confused i was pretty sure you just make a module and pop it in, but i read another article that explained about adding more sys calls to the kernel, and exporting the sys calls so they can be public instead of static to the file. I guess it depends on what one is doing. thanks
 
Old 08-18-2004, 03:41 PM   #6
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
according to the gospel of linus, intercepting syscalls is evil. for one, on smp it opens you up to race conditions. if another processor tries to run the syscall while your in the midst of replacing the first X bytes, something ugly is going to happen. therefore it is evil.

ps. evil can be fun.
 
Old 08-18-2004, 07:41 PM   #7
djgerbavore
Member
 
Registered: Jun 2004
Location: PA
Distribution: Fedora (latest git kernel)
Posts: 458

Original Poster
Rep: Reputation: 30
haha,

p.s infamous you know your shit. you have answer alot of my questions about programing issues.

Last edited by djgerbavore; 08-18-2004 at 07:51 PM.
 
Old 08-18-2004, 09:21 PM   #8
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
glad i was of some use. h/f
 
Old 08-19-2004, 10:45 AM   #9
Kumar
Member
 
Registered: Sep 2003
Location: Pune, India
Distribution: Red Hat
Posts: 106

Rep: Reputation: 15
Hi,
This is a sample code which I wrote to replace the kill system call. The code is bit crude but it works. Compile the code with the normal switches and ignore the warnings.

Code:
 
#include <linux/module.h>
#include <linux/kernel.h>
#include <asm/unistd.h>
#include <linux/config.h>
#include <linux/utsname.h>
#include <linux/string.h>



void **sys_call_table=(void *)0xc030a0f0;  //check this value from ur System.map file

int (*orig_kill)(int, int);    //I used first argument int...it should have been pid_t

int my_kill(int  pid, int sig)
{
        printk ("<1> Trying to terminate process %d with signal %d\n",pid,sig);
        orig_kill(pid,sig);   // comment this line if you don't want to call the orig. function
        return 0;
}




int init_module(void)
{
        orig_kill = sys_call_table[__NR_kill];
        sys_call_table[__NR_kill] = my_kill;
        return 0;
}

void cleanup_module(void)
{
        sys_call_table[__NR_kill] = orig_kill;
}

Last edited by Kumar; 08-19-2004 at 11:03 AM.
 
Old 08-19-2004, 11:46 AM   #10
djgerbavore
Member
 
Registered: Jun 2004
Location: PA
Distribution: Fedora (latest git kernel)
Posts: 458

Original Poster
Rep: Reputation: 30
Code:
 
int (*orig_kill)(int, int);    //I used first argument int...it should have been pid_t
does this save the kill sys call into orig_kill?

then does myKill gets loaded in the sys_call_table ?

finally, can i compile this as a module and insmod it in the kernel?

thanks
 
Old 08-19-2004, 12:06 PM   #11
cracauer
Member
 
Registered: Jul 2004
Location: Boston, MA, USA
Distribution: FreeBSD, Debian/AMD64, Ubuntu/i386
Posts: 59

Rep: Reputation: 15
If you want to make a system call behave differently for a binary-only but dynamically linked program then it is best to build a shared library which overwrites the symbol, does the wrap and calls into the real libc entry. Then load that shared library with $LD_PRELOAD.

No need to mess with the kernel.
 
Old 08-20-2004, 01:03 AM   #12
Kumar
Member
 
Registered: Sep 2003
Location: Pune, India
Distribution: Red Hat
Posts: 106

Rep: Reputation: 15
Yes. The original kill call is stored in the begining in orig_kill. And during cleanup, it is restored in the sys_call_table. This code can be compiled and inserted in the kernel.
cc -Wall -DMODULE -D__KERNEL__ -DLINUX -c reprm.c

Ignore the warnings and insert the module. If it complains about kernel version, force insert it.Test it by running the a kill command on the prompt. Messages will be printed on the terminals and not on the X as it is using printk.

ps. This code just gives you a basic idea and is not very sophisticated.

Last edited by Kumar; 08-20-2004 at 01:06 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
modifying system calls manjiri Linux - Newbie 3 11-07-2005 02:02 PM
New to C++. I need to learn system calls matazar42 Programming 7 05-01-2005 10:34 PM
Some system calls Spooky Programming 1 11-24-2004 11:17 AM
system calls in Java AMMullan Programming 2 04-14-2004 02:48 AM
System Calls file Hady Programming 1 12-13-2003 01:14 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 07:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration