This is a Linux kernel module that demonstrates how to intercept a Linux system call. It consists of a miscellaneous character device and a module that intercepts the "open" system call: whenever a user process invokes "open", the module intercepts the call.
Here we use "IOCTL" to send commands/data to the kernel module from the user process or from a client.
I have tested this module on the following version of the Linux kernel:
- Linux - 2.6.32-358.el6.i686 i686 i686 i386 GNU/Linux
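Compile the module:
    cd Module
    ./compile
Compile the client:
    cd Client
    make
Load the module and check that it is listed:
    cd Module
    insmod SysCallInterceptModule.ko
    lsmod
Run the client:
    cd Client
    ./Client
Unload the module:
    rmmod SysCallInterceptModule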
You can look for the following log messages in the /var/log/messages file, e.g.:
SysCallInterceptModule : We are in kernel space
SysCallInterceptModule : device has been opened
SysCallInterceptModule : open() system call is invoked form User
SysCallInterceptModule : Unloading the module from linux
SysCallInterceptModule : device has been opened
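To check these messages on a host, the following added example (not part of this module's code) summarises the module's activity in a syslog file and reports whether it is still loaded at the end of the log. The timestamp/host/"kernel:" prefix in the sample lines is constructed, and treating "We are in kernel space" as the load message is an assumption.

```shell
#!/bin/sh
# Added example: summarise SysCallInterceptModule activity found in syslog text.

# Constructed sample in the usual /var/log/messages layout (timestamps and host
# are made up; message texts are the module's own, including its "form" spelling).
sample_log() {
cat <<'EOF'
Jan  5 10:00:01 host kernel: SysCallInterceptModule : We are in kernel space
Jan  5 10:00:07 host kernel: SysCallInterceptModule : device has been opened
Jan  5 10:00:07 host kernel: SysCallInterceptModule : open() system call is invoked form User
Jan  5 10:00:08 host kernel: SysCallInterceptModule : open() system call is invoked form User
Jan  5 10:00:09 host kernel: usb 1-1: new high-speed USB device number 2
Jan  5 10:00:15 host kernel: SysCallInterceptModule : Unloading the module from linux
EOF
}

# Reads syslog text on stdin and prints one summary line:
#   loads=N unloads=N device_opens=N intercepted_opens=N state=loaded|unloaded|unknown
# Assumption: "We are in kernel space" is logged when the module is loaded.
summarize_intercept_log() {
    awk -v tag='SysCallInterceptModule : ' '
        BEGIN { loads = unloads = opens = hooks = 0; state = "unknown" }
        {
            i = index($0, tag)
            if (i == 0) next                      # line is not from this module
            msg = substr($0, i + length(tag))     # text after the module tag
            if (index(msg, "We are in kernel space") == 1) {
                loads++; state = "loaded"
            } else if (index(msg, "Unloading the module") == 1) {
                unloads++; state = "unloaded"
            } else if (index(msg, "device has been opened") == 1) {
                opens++
            } else if (index(msg, "open() system call is invoked") == 1) {
                hooks++                           # one intercepted open() call
            }
        }
        END {
            printf "loads=%d unloads=%d device_opens=%d intercepted_opens=%d state=%s\n",
                   loads, unloads, opens, hooks, state
        }'
}

# On a real host: summarize_intercept_log < /var/log/messages
sample_log | summarize_intercept_log
```

A final `state=loaded` means the log shows the module loaded without a later unload message, so `lsmod` should still list it.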