Re: System call dispatch table
- Subject: Re: System call dispatch table
- From: Timothy Weiand <email@hidden>
- Date: Mon, 24 Oct 2005 10:32:40 -0700
On Oct 21, 2005, Terry Lambert replied, and on Oct 24, 2005, Timothy Weiand continued:
3b) Consider describing the problem you are trying to solve so that people on this list can suggest approaches
I would like to detect all file interaction for a given process. I would like to sandbox some programs before they are used by my team. My first approach was to try and create a dynlib that will do this redirection on a process by process basis (this is the process that InstallWatch uses on Linux systems). Modifying the kernel to audit file interaction seemed much easier.
1) There is no k_open in sysent[]; you are probably thinking of something else
Very sorry about the loose terminology. To be very specific, this code used to work for me (code Copyright by Amit Singh from www.kernelthread.com):

    kern_return_t
    SyscallExt_start (kmod_info_t * ki, void * d)
    {
        k_open = sysent[SYS_open].sy_call;
        sysent[SYS_open].sy_call = r_open;
        printf("open() rerouted.\n");
        return KERN_SUCCESS;
    }

2) Use the KPIs instead
10-4, I will research this today.
Is there a better technique for this?
-Timothy
---------------------------------- Timothy R. Weiand
Darwin-kernel mailing list (email@hidden)