Some of the system call arguments have useful information; they're not just pointing to a memory address.
Some are necessary in order to determine what syscall was performed. For IPC syscalls, a0 indicates which of the IPC calls was executed.
-debbie
Inactive hide details for tinytim@us.ltcfwd.linux.ibm.comtinytim@us.ltcfwd.linux.ibm.com


          tinytim@us.ltcfwd.linux.ibm.com
          Sent by: linux-audit-bounces@redhat.com

          03/25/2005 03:32 PM
          Please respond to
          Linux Audit Discussion


To

linux-audit@redhat.com

cc


Subject

syscall arguments in audit records

System call arguments are pretty useless unless you're in a process where the
memory addresses are still valid (like a testcase).  Would it be useful to
put an option in at a later date that allows you to dump arguments as human
readable?

-tim

--
Linux-audit mailing list
Linux-audit@redhat.com
http://www.redhat.com/mailman/listinfo/linux-audit