From mboxrd@z Thu Jan 1 00:00:00 1970
From: ravikumar.vallabhu@gmail.com (V.Ravikumar)
Date: Wed, 28 Mar 2012 09:16:34 +0530
Subject: Hooking a system call.
In-Reply-To:
References:
Message-ID:
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa wrote:

> Hi...
>
> On Mon, Mar 26, 2012 at 11:45, V.Ravikumar wrote:
> > For auditing purposes I need to intercept/hook the open/read/write
> > system calls.
> >
> > As I lack knowledge of kernel development, could somebody help me
> > out here?
> > I'm working on a RHEL-5 machine with Linux kernel version 2.6.18.
> > Thanks & Regards,
> > Ravi
>
> IMHO you had better use SystemTap, which is based on Kprobes. It can be
> used to hook into almost every part of the kernel, with very little
> overhead.

Yes, SystemTap is one of the elegant ways to hook system calls. But I need
some help with hooking the write system call. I need to print the file name
as well, but the file name is not passed to the write system call. How can I
get the file for the write (or sys_write) system call?
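
The write system call receives only a file descriptor, so an audit record has to map a (pid, fd) pair back to a name. As an added example, not part of the original message and not SystemTap code, this C helper does that mapping from user space through the /proc/<pid>/fd/<fd> symlink; the names fd_to_path and fd_kind are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Hypothetical helper names; this is not code from the thread or from SystemTap. */
enum fd_kind { FD_ERROR = -1, FD_FILE = 0, FD_DELETED = 1, FD_ANON = 2 };

/* Resolve descriptor fd of process pid into out (always NUL-terminated on success). */
enum fd_kind fd_to_path(pid_t pid, int fd, char *out, size_t outlen)
{
    static const char del[] = " (deleted)";
    const size_t dl = sizeof(del) - 1;
    char link[64];
    ssize_t n;

    if (outlen < 2)
        return FD_ERROR;
    snprintf(link, sizeof(link), "/proc/%ld/fd/%d", (long)pid, fd);
    n = readlink(link, out, outlen - 1);    /* readlink() does not NUL-terminate */
    if (n < 0 || (size_t)n >= outlen - 1)   /* no such fd, no permission, or maybe truncated */
        return FD_ERROR;
    out[n] = '\0';

    if (out[0] != '/')                      /* "pipe:[N]", "socket:[N]", "anon_inode:..." */
        return FD_ANON;
    /* The kernel appends " (deleted)" once the file is unlinked; a file whose
     * real name ends in that string is indistinguishable by this check. */
    if ((size_t)n > dl && strcmp(out + n - dl, del) == 0) {
        out[n - dl] = '\0';
        return FD_DELETED;
    }
    return FD_FILE;
}

/* Usage: ./fdpath <pid> <fd>; with no arguments, resolves this process's stdout. */
int main(int argc, char **argv)
{
    char path[4096];
    pid_t pid = argc == 3 ? (pid_t)strtol(argv[1], NULL, 10) : getpid();
    int fd = argc == 3 ? (int)strtol(argv[2], NULL, 10) : 1;
    enum fd_kind k = fd_to_path(pid, fd, path, sizeof(path));

    if (k == FD_ERROR) {
        fprintf(stderr, "pid %ld fd %d: unresolved\n", (long)pid, fd);
        return 1;
    }
    printf("pid %ld fd %d -> %s%s\n", (long)pid, fd, path,
           k == FD_DELETED ? " [unlinked]" : "");
    return 0;
}
```

The lookup only works while the process still holds the descriptor, and the number can be closed and reused between the write and the lookup, so a name resolved this way is a best-effort annotation rather than proof of which file was written.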