Thank you for your information, I tried the attached code for system call interception. I am using linux kernal 2.6.38-10-generic and I issue the following command for make this c code sudo make -C /usr/src/linux-headers-`uname -r` SUBDIRS=$PWD modules But I got the errors like this make: Entering directory `/usr/src/linux-headers-2.6.38-10-generic' CC [M] /home/bios/intercept/intercept_open.o /home/bios/intercept/intercept_open.c: In function ‘our_fake_open_function’: /home/bios/intercept/intercept_open.c:30:9: error: implicit declaration of function ‘user_path_walk’ /home/bios/intercept/intercept_open.c:35:25: error: ‘struct nameidata’ has no member named ‘dentry’ /home/bios/intercept/intercept_open.c:50:37: error: ‘struct nameidata’ has no member named ‘dentry’ /home/bios/intercept/intercept_open.c: In function ‘my_init’: /home/bios/intercept/intercept_open.c:63:9: warning: ISO C90 forbids mixed declarations and code /home/bios/intercept/intercept_open.c:64:39: error: ‘system_utsname’ undeclared (first use in this function) /home/bios/intercept/intercept_open.c:64:39: note: each undeclared identifier is reported only once for each function it appears in /home/bios/intercept/intercept_open.c:81:41: warning: initialization makes integer from pointer without a cast /home/bios/intercept/intercept_open.c: In function ‘my_exit’: /home/bios/intercept/intercept_open.c:91:9: warning: initialization makes integer from pointer without a cast make[1]: *** [/home/bios/intercept/intercept_open.o] Error 1 make: *** [_module_/home/bios/intercept] Error 2 make: Leaving directory `/usr/src/linux-headers-2.6.38-10-generic' Anu help for this issue. Thanks Jinesh M.K On 18 August 2011 07:03, Wei Liu wrote: > On Wed, Aug 17, 2011 at 12:52 PM, Jinesh M.K wrote: > > Hi, > > > > How to capture a event(eg:file copying) from dom0? > > > > Well, there is a technique called "system call intercepting". > > File copying or any other kinds of operation need the help from the > kernel -- that is, they will issue syscalls. If you can intercept > syscall in Xen, then Xen can tell your little daemon in Dom0 what's > happening in DomU. > > It is doable, because my colleage has done something similar before. > However, this kind of operation slows down the whole system, because > it requires virtual machine introspection to eliminate semantic gap > between Dom0 and DomU, and the frequent switching from Xen, Dom0 and > DomU is certainly a performance hit. > > Or you can try Pasi's way, depending on your need. > > Wei. >