I can highly recommend this, with one small note: Be prepared to accidentally and permanently fuck up your kernel. In other words, do this on a machine you can dual-boot, in a partition with nothing but the OS in it. Simple kernel hacking like this is relatively harmless, and the odds that you'll break something too badly are small, but as you naturally expand into it you'll be more and more at risk of bricking your computer.

Strictly speaking, you don't even need to dual-boot -- a USB drive with a portable installation of the Linux flavor of your choice is enough. I'd recommend dual-booting, though, so that you literally can't lose your recovery method without losing the bricked computer and invalidating the problem.

Well, working with a LKM and some syscalls should be harmless, especially if you load it manually. Of course you might run into a kernel panic and thus a forced reboot, but the chances of turning your computer into a brick are very low :-P

Oh, for sure. But it's easy to go from the not-so-dangerous stuff to the very dangerous stuff without ever quite realizing, and if you already have a known-good recovery solution (in my case, nuke the partition and reinstall since there was nothing important on it anyway), you avoid the minor heart attack.

I've actually run into some issues with the more esoteric bits of kernel dev when running a VM, so I tend to stay away from them. That said, if they work for you, then absolutely! Way easier than reimaging a partition.

To be honest, I haven't done kernel hacking in at least a decade (IIRC it was still kernel 2.4 or 2.6).
That said, a simple LKM with syscall hijacking should work even in a VM (given that you're running a non-monolithic kernel :-P)

I never even thought of the possibility of "bricking" my computer; I only thought the worst I could do was wipe it clean or cause a kernel panic! Weirdly, I'm now interested to know how I can actually do that! 🙉

You risk "bricking" your computer if you mainly touch drivers with low-level access to hardware. Re-defining high-level syscalls related to "reads" should not damage your hardware ;-)

Edit:
Check this advanced example; I studied/played a lot with this (well, the first versions from the original author, Stealth):

github.com/trimpsyw/adore-ng

That's insightful, thanks!
Gotta get going! I'm currently reading Robert Love's 'system programming' and I have been inspired by this post to contextualize a bit. Let's see! 🤓✌️