I looked through the Intel vtune driver once (the kernel module is GPL, the software for analysing its output is closed) and IIRC, there was a routine in there for scanning for the symbol table. Given that, I suspect that there isn't an equivalent (at least not one that's useful for vtune) but that it is still possible to find it...
Any particular reason for needing to find it? The vtune driver patches the syscall table to call its own functions, so that it can gather statistics.
re: syscall table
Yes, there is a sys_call_table, it's just that Linus got rid of the export for it. However, it is still possible to determine its location in kernel space using the techniques in the article "Linux on-the-fly kernel patching without LKM" in Phrack 58.
I've used this technique in a rootkit kernel module (unreleased - don't ask) and it works flawlessly.
Cheers,
Haggis
You could add an export back in if you need it ;-) It's only a one-line change.
You could...
.. but it's not very portable! Not to mention you gotta recompile the kernel and reboot, whereas the Phrack hack works at run-time.
H.
Is it possible to take a look in your source?