modify_ldt¶

Intro¶

modify_ldt - Changes the definition of local descriptor table entries.

Description¶

The modify_ldt() system call provides a way to read and modify the local descriptor table (LDT) entries as well as to determine the current size of the table. Upon success, it returns the amount of memory actually read or written. Upon failure, it returns -1 and sets errno to indicate the error.

The flags argument is a bit mask composed of the OR'ed value of constants defined in . This provides a way to tell the kernel which operation should be performed and what data should be included.

Using this system call allows the programmer to inspect and modify the LDT entries from user space. This can be useful for debugging, sandboxing, creating segmentation modules with user-space applications, or for any other reason.

Arguments¶

func:int[K] - Specifies the operation to be performed. See for available constants.
ptr:void*[K] - Pointer to an ldt_entry struct, which specifies what the LDT entry should be set to.
bytecount:unsigned long[K] - Amount of memory to read/write from/to the LDT entry.

Available Tags¶

K - Originated from kernel-space.

Hooks¶

sys_modify_ldt¶

Type¶

Kprobe

Purpose¶

Hooked to inspect and modify the LDT entries from user space.

Example Use Case¶

Create a segmentation module with user-space applications.

Issues¶

None known.

modify_ldt_entry
modify_ldt64

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.