Date: Mon, 17 Nov 2003 11:02:10 +0300 From: Samy Al Bahra <samy@kerneled.com> To: Murat Balaban <murat@enderunix.org> Cc: Kai Zhu <zkzklj@yahoo.com> Subject: Re: Questions on intercepting execve syscall Message-ID: <1069056130.3fb8808299d19@www.kerneled.com> In-Reply-To: <20031116201323.GA26716@enderunix.org> References: <20031116155330.42894.qmail@web21409.mail.yahoo.com> <20031116201323.GA26716@enderunix.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Murat Balaban <murat@enderunix.org>: > It might be that you have some bad address in the execve index of sysent > array. This is likely. He could add a printf statement before calling the original execve just to be sure. > See http://www.enderunix.org/murat/linux_subexec/linux_subexec.c for a simple > example. This is 4.X specific (proc usage). I would just like to note that there is an execve symbol which you can reference in your code directly (rather than creating your own pointer for deinitialization). EX: -sysent[SYS_execve].sy_call = (sy_call_t *)oldexecve; +sysent[SYS_execve].sy_call = (sy_call_t *)execve; On Sun, Nov 16, 2003 at 07:53:30AM -0800, Kai Zhu wrote: [...] > > As you can see, I first just want to make sure that my_execve won't affect > the original execve, then I will add some new logic in my_execve before > returning to execve(). How exactly are you modifying the system call entry table? Are you modifying sysent even? -- +-----------------------------------+ | Samy Al Bahra | samy@kerneled.com | |-----------------------------------| | B3A7 F5BE B2AE 67B1 AC4B | | 0983 956D 1F4A AA54 47CB | |-----------------------------------| | http://www.kerneled.com | +-----------------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1069056130.3fb8808299d19>