system call interception

Submitted by Anonymous
on December 4, 2008 - 12:27pm

Hi all,
I have been trying to intercept all the system calls on my system, and want to do it for certain processes only.
I tried playing around with the code in entry_32.S in the kernel sources. If I try to change the value of sys_call_table, the kernel crashes while trying to start the init process. This also happens if I try to move the same value into sys_call_vector again.
i.e., something like

movl $sys_call_table, %ecx
movl %ecx, $sys_call_table
call *sys_call_table(,%eax,4)

Any suggestions?

--
Cheers
ARviND

Did you know that sys_call_table is read only?

on December 5, 2008 - 6:41am

Hi Ho!

It has been so since 2.5.41.

You may want to read my article on making it writable here: http://kerneltrap.org/node/16668

For further information, you may want to read this discussion: http://kerneltrap.org/node/16734

Best regards,
Eus (FSF member #4445)

In this digital era, where computing technology is pervasive,
your freedom depends on the software controlling those computing devices.

Join free software movement today!
It is free as in freedom, not as in free beer!

Join: http://www.fsf.org/jf?referrer=4445
