im trying to write module linux that monitor all system calls, and send system call log (data struct) to my program in user space. information such as who PID call syscall, what arguments passed and etc.
i trying to write this feature by IOCTL, PROCFS, CHARACTER DEVICE (READ/WRITE) and SYSFS but i have a problem. (a important issue)
how data struct log of system call can be passed? copy_to_user() function need to struct address in user space, how can pass this address of struct to any syscall function.
my idea (absolutely wrong) :
module.c
asmlinkage long my_sys_read(int fd, char *buf, size_t count)
{
long ret;
query_arg_t my_struct_test; // this is struct i want pass to user space.
my_struct_test.Pid = task_pid_nr(current);
my_struct_test.syscallName = 2;
copy_to_user(buf, my_struct_test, sizeof(query_arg_t));
return ret;
}
user.c
ret = read(devFile, receive_struct , BUFFER_LENGTH); // Read the my_sys_read from the LKM
if (ret < 0){
perror("user : Failed to read the message from the device.");
return errno;
}
printf("user : The received message is: [%d]\n", receive_struct.Pid);
i trying to write module linux that monitor all syscalls and send log to user space (my program) in format data struct. but i not implement copt_to_user() for all system calls because i need to buff argument for it.
im newbie in kernel programing and any suggestion may be help full. (if my way is wrong, do you have another mechanism for implemention pass data struct from kernel to user space?) thanks for time.
