[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sys_call_table

To: "Anomalous Force" <anomalous_force@yahoo.com>,<kernelnewbies@nl.linux.org>
Subject: Re: sys_call_table
From: "toni_bassas" <toni_bassas@yahoo.es>
Date: Mon, 30 Dec 2002 08:35:48 +0100
List-archive: <http://mail.nl.linux.org/kernelnewbies/>
List-help: <mailto:listar@nl.linux.org?Subject=help>
List-owner: <mailto:riel@nl.linux.org>
List-post: <mailto:kernelnewbies@nl.linux.org>
List-software: Listar version 1.0.0
List-subscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:kernelnewbies-request@nl.linux.org?Subject=unsubscribe>
Original-Recipient: rfc822;kernelnewbies-archive@nl.linux.org
References: <20021222192344.15744.qmail@web13207.mail.yahoo.com>
Sender: kernelnewbies-bounce@nl.linux.org

There is an easy solution for this "obvious żż??" fixed problem.

This works fine with Red Hat 8.0 - kernel 2.4.18-14,
the first distribution that not exports system_call anymore.

You can include this function (locate_sys_call_table) in a
kernel module for intercept sys_calls or create
an independent module that all his job will be
re EXPORT_SYMBOL(sys_call_table) to others modules.


....
#include <linux/syscall.h>
#include <asm/unistd.h>

static void **sys_call_table;

//nearest exported symbol to syscalls in my kernel,
//i hope in others kernels too
//but in other form you can look at your kernel sources

extern void *system_utsname;

....

static int locate_sys_call_table(void) {
    unsigned long *begin;
    int i;

    begin=(unsigned long *) &system_utsname;
    for (i=0;i<1024;i++) {
        if (*(begin+i)==(unsigned long) sys_socketcall) {
            sys_call_table=(void *) (begin+i-__NR_socketcall);
            //are you sure?
            if (sys_call_table[__NR_exit]==(void *) sys_exit) {
                printk("success: located sys_call_table: %X\n",(unsigned
int) sys_call_table);
                return(1);
            }
        }
    }
    return(0);
}


int __init init_exportmodule (void)
{

    if (!locate_sys_call_table()) {
        // ... cry again and return error
    }

    //.....sys_call_table[] works now!!
    //......do something like export symbol
    //.... or intercept any syscall

}

...
that's all.


----- Original Message -----
From: "Anomalous Force" <anomalous_force@yahoo.com>
To: <kernelnewbies@nl.linux.org>
Sent: Sunday, December 22, 2002 8:23 PM
Subject: sys_call_table


> on the website's faq page under the heading
>
> "How do I intercept system calls ?"
>
> the phrase:
>
> Note that Linus removed sys_call_table in 2.5 kernels.
>
> is not correct.
>
>
> =====
> Main Entry: anom·a·lous
> 1 : inconsistent with or deviating from what is usual, normal, or
expected: IRREGULAR, UNUSUAL
> 2 (a) : of uncertain nature or classification (b) : marked by incongruity
or contradiction : PARADOXICAL
> synonym see IRREGULAR
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com
> --
> Kernelnewbies: Help each other learn about the Linux kernel.
> Archive:       http://mail.nl.linux.org/kernelnewbies/
> FAQ:           http://kernelnewbies.org/faq/

___________________________________________________
Yahoo! Postales
Felicita las Navidades con las postales más
divertidas desde http://postales.yahoo.es
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/

References:
- sys_call_table
  - From: Anomalous Force <anomalous_force@yahoo.com>

Prev by Date: Re: links needed
Next by Date: static inline struct task_struct * get_current(void)
Prev by thread: Re: sys_call_table
Next by thread: Buy Printer Ink Direct from Factory, SAVE up to 89%
Index(es):
- Date
- Thread