From owner-freebsd-hackers@FreeBSD.ORG  Mon Jan 31 20:48:10 2005
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9346A16A4CE
	for <freebsd-hackers@freebsd.org>;
	Mon, 31 Jan 2005 20:48:10 +0000 (GMT)
Received: from internet1.mccd.edu (internet1.mccd.edu [198.189.251.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5A22143D45
	for <freebsd-hackers@freebsd.org>;
	Mon, 31 Jan 2005 20:48:10 +0000 (GMT)
	(envelope-from alexander.s@mccd.edu)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Mon, 31 Jan 2005 12:49:08 -0800
Message-ID: <C246F099C408FE429BCEE7473E2DDC603E21C2@internet1.mccd.edu>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: syscall list
Thread-Index: AcUHz7JBP25IAIeESsumeOJqrQy3kQABhftg
From: "Steven Alexander" <alexander.s@mccd.edu>
To: "H. S." <security@revolutionsp.com>,
	<freebsd-hackers@freebsd.org>
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.1
Subject: RE: syscall list
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jan 2005 20:48:10 -0000

Syscalls are talked about in section 2.7
=20
Forensic Analysis of a Live Linux System, Part Two =09
http://www.securityfocus.com/infocus/1773
=20
This article is more in depth on this point; it's by the same author.
=20
 Detecting Kernel-level Compromises With gdb=20
http://www.securityfocus.com/infocus/1811
=20
I hope this helps.
=20
Steven

	-----Original Message-----
	From: H. S. [mailto:security@revolutionsp.com]=20
	Sent: Monday, January 31, 2005 12:01 PM
	To: freebsd-hackers@freebsd.org
	Subject: syscall list
=09
=09

	Hi,
=09
	I don't remember how to extract the syscall list from the
kernel. There
	was an article some time ago about this, and checking the
syscall address
	to make sure it was not changed in the kernel. Could anyone
point me to
	this article? I've tried to google around but didn't find it.
=09
	Best Regards
=09
	_______________________________________________
	freebsd-hackers@freebsd.org mailing list
	http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
	To unsubscribe, send any mail to
"freebsd-hackers-unsubscribe@freebsd.org"
=09
=09
______________________________________________________________________
	This email has been scanned by the MessageLabs Email Security
System.
	For more information please visit
http://www.messagelabs.com/email
=09
______________________________________________________________________
=09