Real-Time-Kernel-Event-Handler

[JOJBerlin]

Hi everyone,
I'm a computer engineer student from Berlin and I'm writing my final theses about a Real-Time-Kernel-Event-Handler on a Debian 2.6 System.

My Teacher wants me to write a function to track system calls from applications (without access to source code).

Has anyone a idea to implement this as a driver or something like this?

Any help is welcome.

MODULE_AUTHOR("Jan Ole Jensen - HTW Berlin");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Real-Time-Kernel-Event-Handler");

[Irithori]

So you want strace(1): trace system calls/signals - Linux man page as a kernel module.
I am not a dev, but the strace source and documentation might be a starting point for you.

Edit:
Seems, what you want is already available:
ptrace(2): process trace - Linux man page

[JOJBerlin]

thx, that sounds really good. I have a look on it.

[JOJBerlin]

you made my day. exactly what I was looking for. Thx again

[Irithori]

yw and good luck with your studies

[JOJBerlin]

thx, I think it will work.

maybe someone can have a look on it and tell me if I understand ptrace in a right way

Code:

wait(&stat);	//sleep until first SIGTRAP

while(stat == 1407){

ptrace(PTRACE_SYSCALL, pid_exec, 0, 0);	
//wait for end of syscall
	
wait(&stat);			
ptrace(PTRACE_GETREGS, pid_exec, 0, &uregs);	
//read Regs of child
				
printf("syscall nr: %d\n", uregs.orig_eax);			

ptrace(PTRACE_SYSCALL, pid_exec, 0, 0);		
wait(&stat);
//wait for next syscall
			
}