Menu
Without getting into the details of why, I'm looking for a clean (as possible) way to replace kernel functions and system calls from a loadable module. My initial idea was to write some code to override some functions, which would take the original function (perhaps, if possible, call the function), and then add some of my own code. The key is that the function that I write has to have the name of the original function, so other code, upon trying to access it, will access mine instead.
I can easily (comparatively) do this directly in the kernel by just throwing my code into the appropriate functions, but I was wondering if anyone knew a little C magic that isn't necessarily horrible kernel (or C) coding practice that could achieve the same result.
Thoughts of #defines and typedefs come to mind, but I can't quite hack it out in my head.
In short: does anyone know a way to effectively override functions in the Linux kernel (from a module)?
EDIT: Since it's been asked, I essentially want to log certain functions (creating/deleting directories, etc.) from within the kernel, but for sanity's sake, a loadable module seems to make sense, rather than having to write a big patch to the kernel code and recompile on every change. A minimal amount of added code to the kernel is okay, but I want to offload most of the work to a module.
295
I realise that the question is three years old, but for the benefit of other people trying to do this sort of thing, the kernel has an interface called kprobes to do just what you needed.
104
You probably want to hook the system calls (PDF link), which would effectively let you log user-processes calling kernel functions. If you really want to log the kernel use of kernel functions, you want to look into kernel function trace.
28
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
