Some of the system call arguments have useful information; they're not just
pointing to a memory address.
Some are necessary in order to determine what syscall was performed. For
IPC syscalls, a0 indicates which of the IPC calls was executed.
-debbie
linux-audit-bounces(a)redhat.com wrote on 03/25/2005 03:32:37 PM:
System call arguments are pretty useless unless you're in a process where the
memory addresses are still valid (like a testcase). Would it be useful to
put an option in at a later date that allows you to dump arguments as human
readable?
-tim
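
Added example, not part of the original thread: a small decoder that turns a0 of an audited ipc(2) call into the operation name, which is the kind of human-readable rendering discussed above. It assumes i386 records (arch=40000003, where ipc is syscall 117) and takes the call numbers from the kernel's linux/ipc.h; the function name and the sample records are constructed for illustration.

```python
import re

# ipc(2) multiplexer call numbers, as defined in the kernel's linux/ipc.h
IPC_CALLS = {
    1: "semop", 2: "semget", 3: "semctl", 4: "semtimedop",
    11: "msgsnd", 12: "msgrcv", 13: "msgget", 14: "msgctl",
    21: "shmat", 22: "shmdt", 23: "shmget", 24: "shmctl",
}

# Assumption: i386 only. Other architectures use different syscall numbers,
# and many have no ipc() multiplexer at all.
I386_ARCH = 0x40000003
I386_IPC = 117

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def decode_ipc(record):
    """Return the IPC operation named by a0, or None if not an i386 ipc(2) record."""
    fields = dict(FIELD_RE.findall(record))
    if fields.get("type") != "SYSCALL":
        return None
    try:
        arch = int(fields["arch"], 16)  # arch and a0..a3 are logged in hex
        nr = int(fields["syscall"])     # the syscall number is logged in decimal
        a0 = int(fields["a0"], 16)
    except (KeyError, ValueError):
        return None                     # truncated or malformed record
    if arch != I386_ARCH or nr != I386_IPC:
        return None
    call = a0 & 0xFFFF                  # the upper 16 bits carry an interface version
    return IPC_CALLS.get(call, "unknown(%d)" % call)

# Constructed sample records (not taken from a real log)
SAMPLES = [
    "type=SYSCALL msg=audit(1111782757.123:42): arch=40000003 syscall=117 "
    "success=yes exit=0 a0=17 a1=0 a2=1000 a3=3b0 pid=2101 comm=\"shmtest\"",
    "type=SYSCALL msg=audit(1111782757.456:43): arch=40000003 syscall=117 "
    "success=yes exit=0 a0=10015 a1=8001 a2=0 a3=bfffe6a0 pid=2101 comm=\"shmtest\"",
    "type=SYSCALL msg=audit(1111782757.789:44): arch=40000003 syscall=5 "
    "success=yes exit=3 a0=bfffe7c0 a1=0 a2=0 a3=0 pid=2101 comm=\"shmtest\"",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(decode_ipc(rec))
```

In the third record a0 is only a pointer into the process's address space, so nothing can be decoded from it after the fact; in the first two it selects the operation and stays meaningful in the log.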