Date: Fri, 19 Feb 1999 23:36:26 +0000 (GMT) From: Terry Lambert <tlambert@primenet.com> To: dseg@texar.com (Dan Seguin) Cc: FreeBSD-Hackers@FreeBSD.ORG Subject: Re: LKM - interceptors Message-ID: <199902192336.QAA10966@usr02.primenet.com> In-Reply-To: <Pine.BSF.3.91.990217162004.11281E-100000@pak.texar.com> from "Dan Seguin" at Feb 17, 99 04:27:32 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> Hi. I'd like to ask if it is possible to write a LKM that would intercept > certain system calls, (do something), then continue the (original) call. > I've looked at the misc LKM and understand moving the sysent, and so on. > Is it possible to reindex the sysent for your LKM (in all the places of > the system calls that you want to intercept), effectively > intercepting a number of system calls (say 3, 4 ,7 etc), then calling the > original system calls from oldent? > > > The goal of this would be to do something like truss but have it inside > of the kernel instead of outside without modifying the kernel (hence the > LKM). Yes, it's possible. You would grab the function pointer from the systent for the daisy-chain, and then replace it with a pointer to your function instead. LKM/KLD system calls already work this way (see the code in /sys/kern/ for system call loading). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902192336.QAA10966>