LDP/LDP/guide/docbook/lkmpg-2.6/lkmpg-examples/08-SystemCalls

The Problem with this example is, you will get unresolved symbols
if you try to insmod it into a stock 2.6.x kernel.

This is because the interception of system calls via sys_call_table 
is considered harmful and thus no longer supported. (since 2.5.41)

See the thread: (pick just one)  

  http://www.ussg.iu.edu/hypermail/linux/kernel/0305.0/0711.html
  http://marc.free.net.ph/message/20030505.081945.fa640369.html
  http://marc.theaimsgroup.com/?l=linux-kernel&m=105212296015799&w=2

for why.

To be able to get this example running with post 2.5.41 (read 2.6.x) 
kernels you must patch your kernel to export sys_call_table.

WARNING: 
	DONT TRY THIS ON PRODUCTION SYSTEMS, OR ANY OTHER SYSTEMS
	WITH VALUEABLE DATA ON IT.


If I had to write a Configure.help entry for this patch it would
be tagged <dangerous> and probably look like this:

#######################################################################

This option exports the sys_call_table, which makes it possible to 
intercept system calls. Intercepting system calls is dangerous,
and might cause data loss or worse.

Say Y if you want to try the included example and don't care about 
data loss and other scary stuff.

Virtually anybody else should say N here.

#######################################################################

Using an old PC you don't need for anything else as a sandbox
might be a good idea either.

Assuming your current 2.6.x kernel tree lies under /usr/src/linux/
(where it should not! [1] ;) the script below shows how to apply,
compile and boot a sys_call_table exporting kernel in one go.

This patch has been tested with 2.6.[0123], and may / may not apply
clean / at all to other versions.

[1] http://www.linuxmafia.com/faq/Kernel/usr-src-linux-symlink.html


#!/bin/sh
cp export_sys_call_table_patch_for_linux_2.6.x /usr/src/linux/
cd /usr/src/linux/
patch -p0 < export_sys_call_table_patch_for_linux_2.6.x