I need my module to be told when a user application has started or
finished, together with its name and pid.
I have rewritten my function and it seems to work well.
Remember, it is only an example:
=========================================================================
/*
 * Syscall dispatch table of the running kernel. init_module() reads three
 * handlers out of it and overwrites those slots; cleanup_module() writes the
 * saved values back.
 *
 * NOTE(review): overwriting syscall-table slots is the same mechanism kernel
 * rootkits rely on, and it only works while the table is exported to modules
 * and writable; later kernels stopped exporting it. For process start/exit
 * monitoring, a supported interface (audit, tracepoints/kprobes, LSM hooks)
 * is the safer choice where the kernel in use provides one.
 */
extern void *sys_call_table[];
/*
 * Original handlers saved by init_module(). system_kill and system_exit are
 * called by the wrappers below; system_execve is only kept so that
 * cleanup_module() can restore the slot (my_execve() does not call it).
 */
asmlinkage int (*system_execve)(struct pt_regs);
asmlinkage int (*system_kill)(pid_t, int);
asmlinkage void (*system_exit)(int);
/*
 * Replacement handler for the kill slot: log the target pid, then hand the
 * call to the handler saved in system_kill and pass its result back.
 *
 * The message is printed before the real handler runs, so it appears whether
 * or not the signal is delivered, and it records neither the signal number
 * nor the calling process.
 */
asmlinkage int my_kill(pid_t pid, int sign)
{
	int rc;

	printk("\nPROCMON: Killing process %d.\n", pid);
	rc = system_kill(pid, sign);
	return rc;
}
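/*
 * Replacement handler for the exit slot: log the pid of the calling process
 * (current->pid), then hand the call to the handler saved in system_exit.
 *
 * NOTE(review): only a process that calls exit itself passes through this
 * slot; a process terminated by a signal presumably never reaches it, so this
 * hook alone does not see every process end. Confirm before relying on it
 * for monitoring.
 */
asmlinkage void my_exit(int status)
{
	printk("\nPROCMON: Exiting process %d.\n", current->pid);
	/* Plain call: a void function must not `return` an expression. */
	system_exit(status);
}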
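/*
 * Replacement handler for the execve slot. It does not call the saved
 * system_execve; it performs the exec itself through do_execve() and logs the
 * pid and path when that succeeds.
 *
 * regs holds the caller's registers: ebx is used as the path pointer, ecx and
 * edx as the argv and envp pointers, all of them user-supplied.
 *
 * Returns the do_execve() result, or the error encoded in the pointer
 * returned by getname() when the path could not be fetched.
 */
asmlinkage int my_execve(struct pt_regs regs)
{
	int error;
	char *filename;

	lock_kernel();
	/*
	 * getname() copies the path string from user space into a kernel
	 * buffer; on failure it returns an error code encoded as a pointer,
	 * which IS_ERR()/PTR_ERR() decode below.
	 */
	filename = getname((char *) regs.ebx);
	error = PTR_ERR(filename);
	if (IS_ERR(filename)) {
		unlock_kernel();
		return error;
	}
	/* The listing showed "(R)s" here: "&regs" mangled by HTML entity decoding. */
	error = do_execve(filename, (char **) regs.ecx, (char **) regs.edx, &regs);
	if (error == 0) {
		/*
		 * NOTE(review): clearing PF_DTRACE appears to mirror what the
		 * stock i386 execve handler does after a successful
		 * do_execve(); confirm against the kernel version in use.
		 */
		current->flags &= ~PF_DTRACE;
		/*
		 * filename is user-controlled and may contain newlines or
		 * control characters, so a log consumer must not assume that
		 * one message is one line.
		 */
		printk("\nPROCMON: Executing process (%d) %s\n", current->pid, filename);
	}
	/* putname() releases the kernel buffer obtained from getname(). */
	putname(filename);
	unlock_kernel();
	return error;
}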
/*
 * Module entry point: save the current execve, kill and exit handlers, then
 * point those three syscall-table slots at the wrappers in this file.
 * Always returns 0.
 *
 * NOTE(review): nothing visible here serialises the table writes against
 * other CPUs that are dispatching syscalls, or against another module that
 * patches the same slots.
 */
int init_module()
{
/* Save first, so that cleanup_module() has the values to put back. */
system_execve = sys_call_table[__NR_execve];
system_kill = sys_call_table[__NR_kill];
system_exit = sys_call_table[__NR_exit];
/* From here on every execve/kill/exit syscall goes through the wrappers. */
sys_call_table[__NR_execve] = my_execve;
sys_call_table[__NR_kill] = my_kill;
sys_call_table[__NR_exit] = my_exit;
return 0;
}
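/*
 * Module exit point: put the saved handlers back into the syscall table.
 *
 * If any of the three slots no longer points at this module's wrapper,
 * something else has patched it in the meantime. Writing the saved value
 * back then discards that other hook, and whoever installed it may later
 * restore a pointer into this (unloaded) module, hence the reboot warning.
 * The slots are restored in either case.
 *
 * NOTE(review): a task still executing inside one of the wrappers when the
 * module text is freed is not guarded against here.
 */
void cleanup_module()
{
	/* All three slots are checked, not only execve: each one is restored below. */
	if (sys_call_table[__NR_execve] != my_execve ||
	    sys_call_table[__NR_kill] != my_kill ||
	    sys_call_table[__NR_exit] != my_exit) {
		/* The mail had wrapped this string literal across two lines. */
		printk(KERN_INFO "\nThe system has been left in a unpredictable state.\nPlease, reboot it.\n");
	}
	sys_call_table[__NR_exit] = system_exit;
	sys_call_table[__NR_kill] = system_kill;
	sys_call_table[__NR_execve] = system_execve;
}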
If you know a better way, please tell me.
-Abel.
-----Original Message-----
From: John Levon [mailto:moz@compsoc.man.ac.uk]
Sent: miércoles, 04 de octubre de 2000 16:21
To: Abel Muñoz Alcaraz
Subject: RE: execve replacement.
On Wed, 4 Oct 2000, [iso-8859-1] Abel Muñoz Alcaraz wrote:
> I need to create a processes hook.
> Do you know an other way?
>
> -Abel.
what do you mean by a hook ? what exact info do you need and when ? than
john
--
"The Internet is a shallow and unreliable electronic repository of dirty pictures, inaccurate rumors, bad spelling and worse grammar, inhabited largely by people with no demonstrable social skills."
    - Chronicle of Higher Education
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/