Re: overriding system calls (was Re: System.map in UML)

[Eugene Teo <eugene.teo@eugeneteo.net>]

newbie (me) at work :-)

<quote sender="Ed L Cashin">
> On Sun, Jun 08, 2003 at 07:21:35PM +0800, Eugene Teo wrote:
> Hi, Eugene Teo.  Would you mind describing what you're 
> doing?  I thought that I understood what you were doing,
> but now I'm sure I don't.  ;)
> 
> If I were trying to override a system call, I'd write 
> my own implementation and replace the entry in the 
> vector of system call function pointers.

what i did is i get the symbol address from the global kernel
symbol table, save the address, overwrite the function with
a new address (aka replace the entry in the system call 
vector), do what i want, load my payload, then overwrite the
function with the original address, and voila, :-)

now, i have to spend some time learning something useful before
i get people throwing stones at me :)

Eugene
-- 
Eugene TEO @ Linux Users Group, Singapore <eugeneteo@lugs.org.sg>
GPG FP: D851 4574 E357 469C D308  A01E 7321 A38A 14A0 DDE5 
main(i){putchar(182623909>>(i-1)*5&31|!!(i<7)<<6)&&main(++i);}

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/