I want to hook
Jun Furukawa
mjyo7hanbe at gmail.com
Mon Jan 25 09:33:36 UTC 2010
I want to make an automatic encryption system by hooking functions for read and write.
Here is the list of the candidates for that.
(This is from "The Design and Implementation of the FreeBSD", Section 8.9, Figure 8.32.)
write()        read()         (/usr/src/sys/kern/sys_generic.c)
   |              |
vn_write()     vn_read()      (/usr/src/sys/kern/vfs_vnops.c)
   |              |
ffs_write()    ffs_read()     (/usr/src/sys/ufs/ffs/ffs_vnops.c)
   |              |
ffs_balloc()   ufs_bitmap()
I want to encrypt data when it is copied to external devices like USB mass storage devices.
If possible, could you tell me what function I should hook to achieve that?
I tried to hook the write() and read() system call functions to do that by referencing the book "Designing BSD Rootkits: An Introduction to Kernel Hacking".
However, I realized that I cannot achieve my goal by that method, because the only information about the file I can get from the arguments of write() and read() is the file descriptor.
From my investigation, I think we cannot specify whether a file is written to or read from USB mass storage devices with a file descriptor.