覆盖功能在Linux内核模块 [英] Overriding functionality with modules in Linux kernel
问题描述
没有进入的的为什么的,我在寻找一个干净的(尽可能)的方式来取代内核函数和系统的细节从一个可加载模块调用。我最初的想法是写一些code重写某些功能,(也许如果可能的话,的呼叫的功能),它会使用原有的功能,然后加上我自己的一些$ C $的C。最关键的是,我写函数必须有原函数的名称,因此其他code,在试图访问它,将访问我的做法。
Without getting into the details of why, I'm looking for a clean (as possible) way to replace kernel functions and system calls from a loadable module. My initial idea was to write some code to override some functions, which would take the original function (perhaps, if possible, call the function), and then add some of my own code. The key is that the function that I write has to have the name of the original function, so other code, upon trying to access it, will access mine instead.
我可以很容易(相对)为此直接在只需扔我的code到相应的功能内核,但我想知道是否有人知道一点ç魔术不是的不一定可怕的内核(或C)编码的做法,可以达到同样的效果。
I can easily (comparatively) do this directly in the kernel by just throwing my code into the appropriate functions, but I was wondering if anyone knew a little C magic that isn't necessarily horrible kernel (or C) coding practice that could achieve the same result.
#define和typedef的思考浮现在脑海中,但我不能完全破解它在我的头上。
Thoughts of #defines and typedefs come to mind, but I can't quite hack it out in my head.
在短期:有没有人知道一种有效覆盖在Linux内核函数(从一个模块)
In short: does anyone know a way to effectively override functions in the Linux kernel (from a module)?
编辑:由于它被问,我基本上是要记录某些功能(创建/删除目录等)的从内核中的,但理智的缘故,一个可加载模块似乎意义,而不是写一个大补丁内核code和重新编译每一个变化。加code到内核的最小金额是好的,但我想大部分的工作卸载到一个模块。
Since it's been asked, I essentially want to log certain functions (creating/deleting directories, etc.) from within the kernel, but for sanity's sake, a loadable module seems to make sense, rather than having to write a big patch to the kernel code and recompile on every change. A minimal amount of added code to the kernel is okay, but I want to offload most of the work to a module.
推荐答案
我认识到,问题是三十岁了,但对于其他人试图做这样的事情的好处,内核有一个叫做接口<一个HREF =http://www.mjmwired.net/kernel/Documentation/kprobes.txt> Kprobes的,以你所需要的。
I realise that the question is three years old, but for the benefit of other people trying to do this sort of thing, the kernel has an interface called kprobes to do just what you needed.
这篇关于覆盖功能在Linux内核模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
