I developed a custom system call to log killed processes. A C program kills the process, invokes the custom system call, and passes the process ID of the killed process; the system call then prints the killed process's ID to the kernel's log. Here I'm just passing a dummy value to test whether the system call writes to the kernel log. The system call's number in the system call table is 329.
Below is my system call:
#include <linux/kernel.h>
asmlinkage long sys_killa(char* proc_id)
{
    printk("The process %s has been killed", proc_id);
    return 0;
}
This is my C program to call my custom system call.
#include <stdio.h>
#include <linux/kernel.h>
#include <sys/syscall.h>
#include <unistd.h>
int main()
{
    char proc_id[5] = "3219";
    long int sys = syscall(329, proc_id);
    printf("System call sys_killa returned %ld\n", sys);
    return 0;
}
Running the C program simply prints "Killed" in the terminal. Running the program again crashes my virtual machine. Nothing is printed out in the kernel log when I check using the dmesg utility. What am I doing wrong?
Need to use a pid_t variable instead of a string. This is the modified system call:
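#include <linux/kernel.h>
asmlinkage long sys_killa(pid_t pid)
{
    /* pid arrives by value, so no user-space pointer is dereferenced here */
    long pid_l = (long) pid;
    /* explicit log level and trailing newline so the record is emitted as one complete line */
    printk(KERN_INFO "The process %ld has been killed\n", pid_l);
    return 0;
}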
This is the modified C code to use the system call:
#include <stdio.h>
#include <linux/kernel.h>
#include <sys/syscall.h>
#include <unistd.h>
int main()
{
    pid_t pid = 3249;
    long int sys = syscall(329, pid);
    printf("System call sys_killa returned %ld\n", sys);
    return 0;
}