System Call Hooking

peru0002 · 09-07-2009, 12:38 AM

Hi All,

I am trying to do system call hooking in Linux v2.6.28.8
sys-call-table is not an exported symbol in Linux v2.6, so I have downloaded the source code and tried to apply the patches from
http://kerneltrap.org/node/16668. However I couldn't apply the patches successfully.I think maybe because the patches is for 2.6.21.5.
Is this the correct way or is there any other methods to access the system call table?

unSpawn · 09-07-2009, 03:42 AM

If you know a little bit about SCT history (read the LKML?) you know by now that trying to hook into the SCT points to using the wrong method. So why would you want to hook into the SCT anyway if I may ask?

ta0kira · 09-07-2009, 11:11 AM

It appears to be a very simple patch, so you can probably just perform it manually provided you can find the correct lines.
Kevin Barry

peru0002 · 09-08-2009, 12:13 AM

I am trying to replace system calls with my own using Loadable Kernel Modules (LKM). How to replace system calls without accessing SCT? Is there any other method?

I performed the patch manually and built the kernel. But when I try to load my LKM it shows "segmentation fault".