LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
Reload this Page Wrapping char device monitor
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 03-13-2024, 12:55 AM   #1
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 737

Rep: Reputation: 78
Wrapping char device monitor

I am working on a kind of forensic shim, another layer in file integrity monitoring.

Looking for a way to wrap or monitor a /dev/device character file for writes and logging what's being written to it.

As example, I have a system that has a loaded .ko that will write data to /dev/device special char file. I want to capture all the writes to the device.

Suggestions?
 
Old 03-18-2024, 01:23 AM   #2
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,266
Blog Entries: 24

Rep: Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195Reputation: 4195
I suppose one person's forensic shim is another person's keylogger.

Perhaps that is why the question has not attracted any replies.
 
Old 03-19-2024, 01:43 PM   #3
Linux_Kidd
Member
 
Registered: Jan 2006
Location: USA
Posts: 737

Original Poster
Rep: Reputation: 78
I guess in those terms, there does exist legit "keylogging", but in my case it's a .ko loaded in that writes data obtained from probing some SoC gpio pins to a char device. Not everything has bad-actor intent.
 
Old 03-22-2024, 04:10 PM   #4
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,226

Rep: Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320Reputation: 5320
I was going to suggest Inotify, but couldn’t you just “”cat” or “tail” the device?
Last edited by dugan; 03-22-2024 at 11:14 PM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
C pointers confusion - char ** = char [][] ?? saravkrish Programming 12 12-02-2004 10:06 AM
C Problem---convert char to char* totti10 Programming 11 11-06-2004 11:32 AM
invalid conversion from `char' to `const char* bru Programming 6 05-09-2004 03:07 PM
convert from char* to unsigned char* D J Linux - Software 2 02-20-2004 04:09 AM
Copy a char* to another char* sathyan Programming 8 07-24-2003 06:15 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 04:51 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration