Intercept system calls in Kernal 2.6

I have linux box running with Kernal 2.6, and I trying to intercept all the system calls. This method is like this, the system call the system calls, then redirected to my program/modlue where has the "fake" system calls, my program/(molule) intercept the system calls, make a record, then call the "real" system calls.

If there anyway I can do it? or someone can provide an example?
yarockAsked:
Who is Participating?
 
pjedmondConnect With a Mentor Commented:
http://www.faqs.org/docs/kernel/

is the guide that I started with, and:

http://www.faqs.org/docs/kernel/x350.html

demonstrates how to pass arguments to the modules. You would need to accept the arguments that the original module would accept, and then pass them to the *real* module.

In order to do this, you would either have to recompile the kernel to call your module first, or rename the module that you want to intercept the calls of to something else.

http://www.digitalhermit.com/linux/Kernel-Build-HOWTO.html

was my original starting documentation when I started messing with this type of thing.

(   (()
(`-' _\
 ''  ''

0
 
manish_regmiConnect With a Mentor Commented:
Hi adding or replacing a system call in 2.6 kernel is simply not possible using a module. The reason is the system call table is not exported to modules. so the system call table is not visible to your module.

What you can do is change the kernel codes itself. But it will be difficult to distribute.


regards
Manish Regmi
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.