Re: hook of syscall

From: Tigran Aivazian (tigran@veritas.com)
Date: Thu Apr 20 2000 - 10:20:31 EST


On Tue, 18 Apr 2000, Khimenko Victor wrote:
> > yes, an example of changing system calls (temporarily) is in a timetravel
> > module I wrote ages ago:
>
> > http://www.ocston.org/~tigran/tt/tt.html
>
> Hmm. I've not looked at your beast yet, but I'm puzzled: you can intercept
> userspace calls easily (you do not need to do it in the kernel in fact: take a
> look at strace/ltrace/etc) but sometimes the kernel just calls sys_open
> directly! Is it intercepted in your timetravel module as well?

Changing the implementation of system calls, i.e. replacing them (perhaps
temporarily) is quite different from intercepting or more correctly
"tracing" them, which is what strace/ltrace do. Tracing is a weak form of
replacing, i.e. can be thought of as "replacing with a copy surrounded by
a chunk of code that dumps some arguments, return codes etc."

Have a look at the tracesys: label in entry.S and at the syscall_trace()
function in arch/i386/kernel/ptrace.c to see what I am talking about.

See the difference now?

However, I know that intercepting (and not just tracing) can be done in
userspace using the LD_PRELOAD facility of shared libraries. This leaves one
case where a kernel implementation is a "must" - statically linked
binaries.

Regards,
Tigran
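
[Added example, not part of the original message and not code from the timetravel module.] The static-binary case above can be checked per file: LD_PRELOAD is acted on by the dynamic loader, which is only started for images that carry a PT_INTERP program header. The function and sample names below are hypothetical, and the parser assumes a little-endian ELF64 image.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { T_LOAD = 1, T_DYNAMIC = 2, T_INTERP = 3 };  /* ELF p_type values */
static uint64_t rd_le(const unsigned char *p, int n) {  /* n-byte LE integer */
    uint64_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}

/* 1: image names a dynamic loader (PT_INTERP), so ld.so runs and honours
 *    LD_PRELOAD; 0: no PT_INTERP (static or static-PIE), a preload shim is
 *    never loaded; -1: not a parsable little-endian ELF64 image. */
int preload_can_apply(const unsigned char *img, size_t len) {
    if (len < 64 || memcmp(img, "\x7f" "ELF", 4) != 0) return -1;
    if (img[4] != 2 || img[5] != 1) return -1;      /* ELFCLASS64, ELFDATA2LSB */
    uint64_t phoff = rd_le(img + 0x20, 8);           /* e_phoff */
    uint64_t entsz = rd_le(img + 0x36, 2);           /* e_phentsize */
    uint64_t phnum = rd_le(img + 0x38, 2);           /* e_phnum */
    if (entsz < 56 || phoff > len) return -1;
    for (uint64_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + i * entsz;
        if (off > len || len - off < 4) return -1;   /* truncated table */
        if (rd_le(img + off, 4) == T_INTERP) return 1;
    }
    return 0;
}

/* Constructed sample: bare ELF64 header plus n program headers of given types. */
size_t make_sample(unsigned char *buf, size_t cap, const unsigned char *types, size_t n) {
    size_t need = 64 + n * 56;
    if (n > 255 || cap < need) return 0;
    memset(buf, 0, need);
    memcpy(buf, "\x7f" "ELF", 4);
    buf[4] = 2; buf[5] = 1; buf[6] = 1;              /* 64-bit, LE, version 1 */
    buf[0x20] = 64; buf[0x36] = 56; buf[0x38] = (unsigned char)n;
    for (size_t i = 0; i < n; i++) buf[64 + i * 56] = types[i];
    return need;
}

int main(void) {
    unsigned char img[64 + 3 * 56];
    const unsigned char dyn_types[] = { T_LOAD, T_INTERP, T_DYNAMIC };
    const unsigned char static_types[] = { T_LOAD, T_LOAD };
    printf("dynamic sample: %d\n", preload_can_apply(img, make_sample(img, sizeof img, dyn_types, 3)));
    printf("static sample:  %d\n", preload_can_apply(img, make_sample(img, sizeof img, static_types, 2)));
    return 0;
}
```

A result of 0 marks the binaries for which a userspace preload shim sees nothing, which is the case the message says needs a kernel-side mechanism.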

This archive was generated by hypermail 2b29 : Sun Apr 23 2000 - 21:00:17 EST