Re: Seek Help !!!
> > Hi,
> > I am totally new to the Linux kernel. I want to intercept system calls
> > with sys_call_table. But it seems that this symbol is not exported in
> > Linux kernel 2.4.
> > Is there any method by which I can export this symbol?
> >
> > Waiting for the help ....
> >
You can intercept system calls even if you don't have sys_call_table exported in
your running kernel. Just do the following things :-
1. Try to get the source code for the running kernel.
2. Build vmlinux
3. With objdump now try to get the address of sys_call_table :-
$ objdump -D vmlinux >& Output
Here, if you look for "sys_call_table", you can see the address of it.
4. Now write a kernel module, in which take a char * variable whose value is this...
and then you can easily intercept whichever system call you want with the help
of the __NR_<x> constants which are defined in "linux/unistd.h". So, for example, if you
want to intercept sys_exit() :-
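// I'm assuming address of sys_call_table = 0xc1010101
#include <linux/unistd.h>          /* __NR_exit */
long *temp = (long *)0xc1010101;   /* table base read from the objdump output */
int (*my_function)(int);           /* must point at the replacement handler before it is stored */
int (*original_function)(int);     /* saved so the original entry can be restored */
/* save the current handler, then overwrite the slot */
original_function = (int (*)(int))*(temp + __NR_exit);
*(temp + __NR_exit) = (long)my_function;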
Hope this helps you...
Thanks.
Sumit Sharma,
IBM, Bangalore.
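
Added example, not part of the original message: because the technique above rewrites a slot of sys_call_table in memory, a defender can audit a snapshot of the table against the entries from the vmlinux image and the kernel text range. All addresses, the `baseline`/`live` arrays and the function names are constructed for illustration; how the live snapshot is captured is assumed and out of scope.

```c
#include <stddef.h>
#include <stdio.h>

/* All addresses below are constructed sample values, not from a real kernel. */
#define SAMPLE_STEXT 0xc0100000UL /* hypothetical _stext from System.map */
#define SAMPLE_ETEXT 0xc0300000UL /* hypothetical _etext from System.map */
enum slot_state { SLOT_OK = 0, SLOT_CHANGED = 1, SLOT_OUTSIDE_TEXT = 2 };

/* Known-good entries, e.g. read from the vmlinux built in step 2. */
static const unsigned long baseline[] = {
    0xc0120a10UL, 0xc011e4d0UL, 0xc0105b30UL, 0xc013c8f0UL, 0xc013c9a0UL,
};
/* Constructed live snapshot: slot 1 (__NR_exit on i386) and slot 3 were overwritten. */
static const unsigned long live[] = {
    0xc0120a10UL, 0xd0851060UL, 0xc0105b30UL, 0xc0140000UL, 0xc013c9a0UL,
};

/* Classify one slot against the baseline and the text range [stext, etext). */
enum slot_state check_slot(unsigned long good, unsigned long cur,
                           unsigned long stext, unsigned long etext)
{
    if (cur < stext || cur >= etext)
        return SLOT_OUTSIDE_TEXT;   /* e.g. a handler living in module memory */
    return cur == good ? SLOT_OK : SLOT_CHANGED;
}

/* Fill state[] for n slots and return how many are not SLOT_OK. */
size_t audit_table(const unsigned long *good, const unsigned long *cur, size_t n,
                   unsigned long stext, unsigned long etext, enum slot_state *state)
{
    size_t i, suspicious = 0;
    for (i = 0; i < n; i++) {
        state[i] = check_slot(good[i], cur[i], stext, etext);
        if (state[i] != SLOT_OK)
            suspicious++;
    }
    return suspicious;
}

int main(void)
{
    enum slot_state state[5];
    size_t i, n = audit_table(baseline, live, 5, SAMPLE_STEXT, SAMPLE_ETEXT, state);
    for (i = 0; i < 5; i++)
        if (state[i] != SLOT_OK)
            printf("slot %lu: state %d, now 0x%lx\n", (unsigned long)i, (int)state[i], live[i]);
    printf("%lu suspicious slot(s)\n", (unsigned long)n);
    return 0;
}
```

A slot that is `SLOT_CHANGED` but still inside kernel text needs the baseline comparison to be caught; the range check alone only flags handlers placed outside the core image.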