Hi,

I am using the following kernel module to intercept some syscalls. I have got sys_call_table address from the /boot/System.map.x.x. The module works file on Ubuntu 7.10 (2.6.24) but gets killed upon insmod in Ubuntu 10.04 and Fedora 12 (2.6.32) with error "Kernel paging request error address c0xxxxx [which is, based on System.map, an address in sys_call_table]".

Any ideas how to solve the problem?

Regards,
::Saman

#include
#include
#include
#include
#include

MODULE_LICENSE ("GPL");

unsigned long *sys_call_table;

asmlinkage long (*original_sys_unlink) (const char *pathname);

/*return -1. this will prevent any process from unlinking any file*/
asmlinkage long hacked_sys_unlink(const char *pathname)
{
return -1;
}

static int _ _init my_init (void)
{
/*obtain sys_call_table from hardcoded value
we found in System.map*/
*(long *)&sys_call_table=0xc044fd00;

/*store original location of sys_unlink. Alter sys_call_table
to point _ _NR_unlink to our hacked_sys_unlink*/
original_sys_unlink =(void * )xchg(&sys_call_table[_ _NR_unlink],
hacked_sys_unlink);

return 0;
}

static void my_exit (void)
/*restore original sys_unlink in sys_call_table*/
xchg(&sys_call_table[_ _NR_unlink], original_sys_unlink);

}

module_init(my_init);
module_exit(my_exit);