Hi :-) i have try to load a kprobe as modul into the kernel my SuSE version is 10 and the runing 2.6.13-15.7-default the kernel is make with make cloneconfig. To enable kprobes i have changed the kernel konfig /usr/src/linux/.config CONFIG_KALLSYMS=y CONFIG_KALLSYMS_ALL=y CONFIG_KALLSYMS_EXTRA_PASS=y # Kernel hacking CONFIG_DEBUG_KERNEL=y CONFIG_MAGIC_SYSRQ=y CONFIG_LOG_BUF_SHIFT=17 CONFIG_DEBUG_BUGVERBOSE=y CONFIG_DEBUG_INFO=y CONFIG_DEBUG_FS=y CONFIG_EARLY_PRINTK=y CONFIG_DEBUG_STACKOVERFLOW=y CONFIG_KPROBES=y I use the exsample from /usr/src/linux/Documentation/kprobes.txt compiling and linking no problem but insmod ./kprobedoc.ko insmod: error inserting './kprobedoc.ko': -1 Operation not permitted messages: Dec 26 19:27:30 mainframe kernel: register_kprobe failed, returned 1 the entry in the messages came from the int init_module function if ((ret = register_kprobe(&kp) < 0)) { printk("register_kprobe failed, returned %d\n", ret); return -1; } i have forgot somthing in the kernel config ? or is it a bug ? Thanks Frank #include <linux/kernel.h> #include <linux/init.h> #include <linux/module.h> #include <linux/kprobes.h> #include <linux/kallsyms.h> #include <linux/sched.h> /*For each probe you need to allocate a kprobe structure*/ static struct kprobe kp; /*kprobe pre_handler: called just before the probed instruction is executed*/ int handler_pre(struct kprobe *p, struct pt_regs *regs) { printk("pre_handler: p->addr=0x%p, eip=%lx, eflags=0x%lx\n", p->addr, regs->eip, regs->eflags); dump_stack(); return 0; } /*kprobe post_handler: called after the probed instruction is executed*/ void handler_post(struct kprobe *p, struct pt_regs *regs, unsigned long flags) { printk("post_handler: p->addr=0x%p, eflags=0x%lx\n", p->addr, regs->eflags); } /* fault_handler: this is called if an exception is generated for any * instruction within the pre- or post-handler, or when Kprobes * single-steps the probed instruction. */ int handler_fault(struct kprobe *p, struct pt_regs *regs, int trapnr) { printk("fault_handler: p->addr=0x%p, trap #%dn", p->addr, trapnr); /* Return 0 because we don't handle the fault. */ return 0; } int init_module(void) { int ret; kp.pre_handler = handler_pre; kp.post_handler = handler_post; kp.fault_handler = handler_fault; kp.addr = (kprobe_opcode_t*) kallsyms_lookup_name("do_fork"); /* register the kprobe now */ if (!kp.addr) { printk("Couldn't find %s to plant kprobe\n", "do_fork"); return -1; } printk("%p kp adr \n",&kp); if ((ret = register_kprobe(&kp) < 0)) { printk("register_kprobe failed, returned %d\n", ret); return -1; } printk("kprobe registered\n"); return 0; } void cleanup_module(void) { unregister_kprobe(&kp); printk("kprobe unregistered\n"); } MODULE_LICENSE("GPL"); ####################################################################### cat Makefile TARGET = kprobedoc OBJS = kprobedoc.o MDIR = drivers/misc EXTRA_CFLAGS = -DEXPORT_SYMTAB CURRENT = $(shell uname -r) KDIR = /lib/modules/$(CURRENT)/build PWD = $(shell pwd) DEST = /lib/modules/$(CURRENT)/kernel/$(MDIR) obj-m := $(TARGET).o default: make -C $(KDIR) SUBDIRS=$(PWD) modules $(TARGET).o: $(OBJS) $(LD) $(LD_RFLAG) -r -o $@ $(OBJS) ifneq (,$(findstring 2.4.,$(CURRENT))) install: su -c "cp -v $(TARGET).o $(DEST) && /sbin/depmod -a" else install: su -c "cp -v $(TARGET).ko $(DEST) && /sbin/depmod -a" endif clean: -rm -f *.o *.ko .*.cmd .*.flags *.mod.c -include $(KDIR)/Rules.make ______________________________________________________________ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193