I am trying to disable SYSENTER syscall support and let all system calls fall back through int $0x80 interrupts in Linux without any use of ptrace.

I have found two ways:

  1. Disable the VDSO entirely by setting `/proc/sys/vm/vdso_enabled` to 0
  2. Modify `/usr/src/linux/arch/x86/vdso/vdso32-setup.c`

Modifying the VDSO (Virtual Dynamic Shared Object) shall be the method in my approach, but I do not know which line(s) to modify. Could someone give me any suggestions?

Thank you.

andrew
  • Why would you want to do that? – zwol Nov 14 '12 at 19:42
  • I am trying to trap system calls, so I want to disable sysenter to make all system calls go through int 0x80 to make them easier to trap – andrew Nov 14 '12 at 19:54
  • This is what [`ptrace`](http://linux.die.net/man/2/ptrace) is for. It is arcane and poorly documented, but it works for `gdb`, `strace`, and UML, so I am confident it can do what you need. (Specifically, look at what the `PTRACE_SYSCALL` operation does.) – zwol Nov 14 '12 at 20:08
  • You seem to have misunderstood me. You don't use `ptrace` to disable `sysenter`. You use `ptrace` to *trap system calls*, thus eliminating any *need* to disable `sysenter`. Or build a custom kernel, in fact. – zwol Nov 17 '12 at 03:05
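
The `PTRACE_SYSCALL` approach suggested in the comments above, as an added example that is not part of the original thread: a tracer for x86 Linux that counts the `getppid` system calls made by a child process. The helper name `count_getppid_entries` and the choice of `getppid` as the observed call are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define SYSCALL_NR(r) ((long)(r).orig_rax)
#elif defined(__i386__)
#define SYSCALL_NR(r) ((long)(r).orig_eax)
#else
#error "x86 only: the syscall number is read from orig_rax / orig_eax"
#endif

/* Hypothetical helper: trace a child that makes `calls` getppid() system
 * calls; return how many getppid entries the tracer saw, or -1 on error. */
long count_getppid_entries(int calls)
{
    int status, in_call = 0;
    long seen = 0, opts = PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                         /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);                     /* wait for the tracer to set options */
        for (int i = 0; i < calls; i++) syscall(SYS_getppid);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* TRACESYSGOOD reports syscall stops as SIGTRAP|0x80; EXITKILL kills the child if we die */
    if (ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)opts) < 0) return -1;
    for (;;) {
        if (ptrace(PTRACE_SYSCALL, pid, NULL, NULL) < 0) return -1; /* run to next stop */
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status)) return seen;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        in_call = !in_call;                 /* stops alternate: entry, then exit */
        if (in_call) {
            struct user_regs_struct regs;
            if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
            if (SYSCALL_NR(regs) == SYS_getppid) seen++;
        }
    }
}
int main(void)
{
    return printf("getppid entries seen: %ld\n", count_getppid_entries(3)) < 0;
}
```

The syscall stops are generated by the kernel on syscall entry and exit, so the tracer sees them whether the tracee entered through `int $0x80`, `sysenter` or `syscall`.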

0 Answers