LinuxQuestions.org
12-04-2008, 11:03 AM   #1
arvind.ayyangar
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Rep: Reputation: 0
system call interception


Hi all,
I have been trying to intercept all the system calls on my system, and want to do it for certain processes only.
I tried playing around with the code in entry_32.S in the kernel sources. If I try to change the value of sys_call_table, the kernel crashes while trying to start the init process. This also happens if I try to move the same value into sys_call_vector again,
i.e., something like

pushl %ecx
movl $sys_call_table, %ecx
movl %ecx, $sys_call_table
popl %ecx
call *sys_call_table(,%eax,4)

Any suggestions ?

--
Cheers
ARviND
 
12-05-2008, 07:40 AM   #2
ErV
Senior Member
 
Registered: Mar 2007
Location: Russia
Distribution: Slackware 12.2
Posts: 1,202
Blog Entries: 3

Rep: Reputation: 62
Quote:
Originally Posted by arvind.ayyangar
Hi all,
I have been trying to intercept all the system calls on my system, and want to do it for certain processes only.
What is your goal? If you just want to debug calls, you could use gdb and break on functions from there. To see the list of called system functions you can use strace. But if you really want to intercept a call and replace it with something else, then you'll have to write your own version of the required library and play with LD_PATH.
 
12-05-2008, 11:14 PM   #3
arvind.ayyangar
LQ Newbie
 
Registered: Aug 2006
Posts: 17

Original Poster
Rep: Reputation: 0
>What is your goal?
to intercept all the system calls on my system, and want to do it for certain processes only.

I am not trying to intercept a system call, but trying to override it.

I am aware that binary rewriting is a good technique to intercept system calls, but again, that is not what I want to achieve.

Thanks for your help anyways..
 
  

