RE: [Dazuko-devel] [PATCH] Syscall hooking for Linux 2.6 available

From: Tikka, Sami
Subject: RE: [Dazuko-devel] [PATCH] Syscall hooking for Linux 2.6 available
Date: Mon, 6 Mar 2006 13:22:51 +0200

>-----Original Message-----
>From: address@hidden [mailto:address@hidden 

>I am looking at linux26_syscall_hook.patch and can't find the 
>bit which actually hooks into the syscall table? It is just 
>from curiosity, to see in what ways can it be done. Are you 
>handling 32-bit syscalls on 64-bit kernels? Because it is an 
>additional syscall table.

The hooks are made using dazuko-style macros (DAZUKO_HOOK).

The 32-bit syscalls on 64-bit kernels are not there. I did not remember that.

>> 3) sys_creat is hooked because it opens a new file.
>Do we care about that from an AV point of view?

I'm not using that at the moment, but it might be needed if one would want to
scan files on close but only if they were modified.

Sami Tikka
F-Secure Corporation
