Questions on intercepting execve syscall
Samy Al Bahra
samy at kerneled.com
Mon Nov 17 00:02:29 PST 2003
Quoting Murat Balaban <murat at enderunix.org>:
> It might be that you have some bad address in the execve index of sysent
> array.
This is likely. He could add a printf statement before calling the
original execve just to be sure.
> See http://www.enderunix.org/murat/linux_subexec/linux_subexec.c for a simple
> example.
This is 4.X specific (proc usage). I would just like to note that there is an
execve symbol which you can reference in your code directly (rather than
creating your own pointer for deinitialization).
EX:
-sysent[SYS_execve].sy_call = (sy_call_t *)oldexecve;
+sysent[SYS_execve].sy_call = (sy_call_t *)execve;
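Review bot: On the `+` line, restoring the slot to the `execve` symbol instead of the saved `oldexecve` pointer assumes that `sysent[SYS_execve].sy_call` held the stock handler when the hook was installed. If something else had already replaced that entry, this restore discards its handler on deinitialization. Either keep the saved pointer, or check at install time that the slot equals `execve` and refuse to hook otherwise, so the restore is known to be correct.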
On Sun, Nov 16, 2003 at 07:53:30AM -0800, Kai Zhu wrote:
[...]
> As you can see, I first just want to make sure that my_execve won't affect
> the original execve, then I will add some new logic in my_execve before
> returning to execve().
How exactly are you modifying the system call entry table? Are you modifying
sysent even?
--
+-----------------------------------+
| Samy Al Bahra | samy at kerneled.com |
|-----------------------------------|
| B3A7 F5BE B2AE 67B1 AC4B |
| 0983 956D 1F4A AA54 47CB |
|-----------------------------------|
| http://www.kerneled.com |
+-----------------------------------+