From owner-freebsd-hackers Fri Feb 19 15:38:13 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from smtp02.primenet.com (smtp02.primenet.com [206.165.6.132]) by hub.freebsd.org (Postfix) with ESMTP id C5B1F11412 for ; Fri, 19 Feb 1999 15:36:48 -0800 (PST) (envelope-from tlambert@usr02.primenet.com)
Received: (from daemon@localhost) by smtp02.primenet.com (8.8.8/8.8.8) id QAA14451; Fri, 19 Feb 1999 16:36:47 -0700 (MST)
Received: from usr02.primenet.com(206.165.6.202) via SMTP by smtp02.primenet.com, id smtpd014359; Fri Feb 19 16:36:36 1999
Received: (from tlambert@localhost) by usr02.primenet.com (8.8.5/8.8.5) id QAA10966; Fri, 19 Feb 1999 16:36:26 -0700 (MST)
From: Terry Lambert
Message-Id: <199902192336.QAA10966@usr02.primenet.com>
Subject: Re: LKM - interceptors
To: dseg@texar.com (Dan Seguin)
Date: Fri, 19 Feb 1999 23:36:26 +0000 (GMT)
Cc: FreeBSD-Hackers@FreeBSD.ORG
In-Reply-To: from "Dan Seguin" at Feb 17, 99 04:27:32 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Hi. I'd like to ask if it is possible to write a LKM that would intercept
> certain system calls, (do something), then continue the (original) call.
> I've looked at the misc LKM and understand moving the sysent, and so on.
> Is it possible to reindex the sysent for your LKM (in all the places of
> the system calls that you want to intercept), effectively
> intercepting a number of system calls (say 3, 4, 7 etc), then calling the
> original system calls from oldent?
>
>
> The goal of this would be to do something like truss but have it inside
> of the kernel instead of outside without modifying the kernel (hence the
> LKM).

Yes, it's possible. You would grab the function pointer from the
sysent for the daisy-chain, and then replace it with a pointer to
your function instead.
LKM/KLD system calls already work this way (see the code in /sys/kern/
for system call loading).

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
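
The daisy-chain described in the reply, as an added example that is not part of the original message and is not FreeBSD kernel code: a user-space C model of a system call table. It goes one step beyond the thread by also comparing the table against a known-good copy, which is how a modified slot can be detected. `model_sysent`, `hook`, `unhook`, `count_modified`, the slot names and the handler signature are all hypothetical simplifications.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a syscall table entry (not the kernel's struct sysent). */
typedef int (*model_call_t)(void *args);
struct model_sysent { int narg; model_call_t call; };
enum { SLOT_A, SLOT_B, NSYS };

static int orig_a(void *args) { (void)args; return 11; }
static int orig_b(void *args) { (void)args; return 22; }

static struct model_sysent table[NSYS] = { {0, orig_a}, {0, orig_b} };
static model_call_t saved[NSYS];  /* originals, kept for chaining and unload */
static int seen[NSYS];            /* per-slot counters kept by the wrappers */

/* One wrapper per intercepted slot: record, then continue into the original. */
static int wrap_a(void *args) { seen[SLOT_A]++; return saved[SLOT_A](args); }
static int wrap_b(void *args) { seen[SLOT_B]++; return saved[SLOT_B](args); }

/* "Load": save the current handler, then install the wrapper. */
static int hook(int n, model_call_t wrapper)
{
    if (n < 0 || n >= NSYS || saved[n] != NULL)
        return -1;                /* out of range or already hooked */
    saved[n] = table[n].call;
    table[n].call = wrapper;
    return 0;
}
/* "Unload": restore only if our wrapper is still the installed handler. */
static int unhook(int n, model_call_t wrapper)
{
    if (n < 0 || n >= NSYS || saved[n] == NULL || table[n].call != wrapper)
        return -1;
    table[n].call = saved[n];
    saved[n] = NULL;
    return 0;
}
/* Integrity check: count slots whose handler differs from a known-good copy. */
static int count_modified(const model_call_t *baseline)
{
    int n, diff = 0;
    for (n = 0; n < NSYS; n++)
        if (table[n].call != baseline[n])
            diff++;
    return diff;
}
static int dispatch(int n, void *args) { return table[n].call(args); }

int main(void)
{
    model_call_t baseline[NSYS] = { orig_a, orig_b };
    hook(SLOT_A, wrap_a);
    int ret = dispatch(SLOT_A, NULL);
    printf("ret=%d seen=%d modified=%d\n", ret, seen[SLOT_A], count_modified(baseline));
    return unhook(SLOT_A, wrap_a);
}
```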