On Mon, Mar 26, 2012 at 1:18 PM, Mulyadi Santosa
[off-list ref]wrote:

Hi...

On Mon, Mar 26, 2012 at 11:45, V.Ravikumar [off-list ref]
wrote:

quoted

As part of auditing purpose I need to intercept/hook open/read/write

system

quoted

calls.

As I was lack of knowledge into kernel development.Could somebody help me
out here ?
I'm working on RHEL-5 machine with Linux kernel version 2.6.18
Thanks & Regards,
Ravi

IMHO you better use SystemTap, which is based on Kprobes. It can be
used to hook into almost every part of kernel system, with very less
overhead.

Yes SystemTap is one of the elegant way to hook system calls.

But I need one help while hooking write system call. I need to print the
file name also, but file name is not passed to write system call. How can I
get the file for write (or sys_write ) system call.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120328/e4ed1874/attachment.html