Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Intercept system calls in Kernal 2.6

Posted on 2006-07-07
2
Medium Priority
?
272 Views
Last Modified: 2013-12-16
I have linux box running with Kernal 2.6, and I trying to intercept all the system calls. This method is like this, the system call the system calls, then redirected to my program/modlue where has the "fake" system calls, my program/(molule) intercept the system calls, make a record, then call the "real" system calls.

If there anyway I can do it? or someone can provide an example?
0
Comment
Question by:yarock
2 Comments
 
LVL 22

Accepted Solution

by:
pjedmond earned 1200 total points
ID: 17062360
http://www.faqs.org/docs/kernel/

is the guide that I started with, and:

http://www.faqs.org/docs/kernel/x350.html

demonstrates how to pass arguments to the modules. You would need to accept the arguments that the original module would accept, and then pass them to the *real* module.

In order to do this, you would either have to recompile the kernel to call your module first, or rename the module that you want to intercept the calls of to something else.

http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html

was my original starting documentation when I started messing with this type of thing.

(   (()
(`-' _\
 ''  ''

0
 
LVL 8

Assisted Solution

by:manish_regmi
manish_regmi earned 800 total points
ID: 17110264
Hi adding or replacing a system call in 2.6 kernel is simply not possible using a module. The reason is the system call table is not exported to modules. so the system call table is not visible to your module.

What you can do is change the kernel codes itself. But it will be difficult to distribute.


regards
Manish Regmi
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month10 days, 12 hours left to enroll

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question