From owner-freebsd-hackers  Wed Feb 17 13:27: 1 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from pak.texar.com (pak.texar.com [207.112.49.1])
	by hub.freebsd.org (Postfix) with ESMTP id 94B4611586
	for <FreeBSD-Hackers@FreeBSD.org>; Wed, 17 Feb 1999 13:26:35 -0800 (PST)
	(envelope-from dseg@pak.texar.com)
Received: (from dseg@localhost) by pak.texar.com (8.8.8/8.8.3) id QAA11349; Wed, 17 Feb 1999 16:27:32 -0500 (EST)
Date: Wed, 17 Feb 1999 16:27:32 -0500 (EST)
From: Dan Seguin <dseg@texar.com>
To: FreeBSD Hackers <FreeBSD-Hackers@FreeBSD.org>
Subject: LKM - interceptors
Message-ID: <Pine.BSF.3.91.990217162004.11281E-100000@pak.texar.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



Hi. I'd like to ask if it is possible to write a LKM that would intercept
certain system calls, (do something), then continue the (original) call. 
I've looked at the misc LKM and understand moving the sysent, and so on. 
Is it possible to reindex the sysent for your LKM (in all the places of 
the system calls that you want to intercept), effectively 
intercepting a number of system calls (say 3, 4 ,7 etc), then calling the 
original system calls from oldent?


The goal of this would be to do something like truss but have it inside 
of the kernel instead of outside without modifying the kernel (hence the 
LKM).


 I hope I've made this clear enough.


Dan Seguin

Azure Automata, Inc.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message