我试图为 Linux 内核(Android 模拟器所用的 goldfish 内核)编写一个驱动,用来拦截并钩住系统调用。如何确定系统调用处理程序的地址?
下面的代码是为 Windows 编写的,用于钩住系统调用并记录跟踪信息;我需要在 Cortex-A8 上的 Linux 内核中实现同样的功能。
#define IA32_SYSENTER_EIP 0x176 /* MSR index read/written by rdmsr/wrmsr below: the EIP that SYSENTER jumps to */
/*
 * NewKiFastCallEntry - replacement SYSENTER target installed by HookSysenter().
 *
 * Naked (no compiler prologue/epilogue): control arrives here directly from the
 * SYSENTER instruction, so every register the caller path relies on must be
 * preserved by hand. The routine saves general registers and flags, calls the
 * C-level LogSystemCall() with eax as its single argument, restores everything,
 * and tail-jumps to the saved original entry point so the kernel's own handler
 * runs unchanged.
 *
 * NOTE(review): `push eax` before the call is never popped explicitly; this is
 * only balanced if LogSystemCall is __stdcall (callee cleans the argument).
 * If it is cdecl, `add esp, 4` is needed before `popfd`, otherwise popfd/popad
 * restore garbage — confirm the calling convention of LogSystemCall.
 * NOTE(review): the segment selector values (0x23, 0x30) are hard-coded and
 * not documented here; they are presumably the kernel-mode DS/ES/FS selectors
 * the C callee expects — verify against the target build.
 */
VOID __declspec(naked) NewKiFastCallEntry()
{
__asm
{
pushad                          ; save all general-purpose registers
pushfd                          ; save EFLAGS (restored before the tail jump)
mov ecx, 0x23                   ; selector loaded into DS and ES below
push 0x30
pop fs                          ; FS = 0x30
mov ds, cx                      ; DS = 0x23
mov es, cx                      ; ES = 0x23
push eax                        ; single argument to LogSystemCall (eax as received at SYSENTER entry)
call LogSystemCall              ; C logging routine defined elsewhere in the driver
popfd                           ; assumes the stack is balanced here — see NOTE(review) above
popad
jmp [OriginalKiFastCallEntry]   ; indirect jump to the address saved by HookSysenter(); no return
}
}
/*
 * HookSysenter - redirect the SYSENTER target to NewKiFastCallEntry().
 *
 * Reads MSR IA32_SYSENTER_EIP, records the current target in the global
 * OriginalKiFastCallEntry (used by NewKiFastCallEntry's tail jump), then
 * writes the address of NewKiFastCallEntry into the same MSR.
 *
 * NOTE(review): rdmsr/wrmsr operate on the MSR of the logical processor
 * executing this code only; on a multi-processor system the other CPUs keep
 * their original target. No corresponding restore path is visible in this
 * excerpt, so unloading the driver would leave the MSR pointing at freed code.
 */
VOID HookSysenter()
{
DbgPrint("-Sysenter- Hooking sysenter...\n");
__asm
{
mov ecx, IA32_SYSENTER_EIP      ; ecx selects the MSR for rdmsr/wrmsr
xor edx, edx                    ; cleared, but rdmsr overwrites edx with the MSR's high 32 bits anyway
rdmsr                           ; edx:eax = current SYSENTER EIP
mov OriginalKiFastCallEntry, eax ; save the low 32 bits (the full address on 32-bit x86)
mov eax, NewKiFastCallEntry     ; new target address; edx still holds the high half just read
wrmsr                           ; MSR[IA32_SYSENTER_EIP] = edx:eax
}
DbgPrint("-Sysenter- Original KiFastCallEntry address is 0x%08X\n", OriginalKiFastCallEntry);
DbgPrint("-Sysenter- New KiFastCallEntry address is 0x%08X\n", NewKiFastCallEntry);
DbgPrint("-Sysenter- Finished hooking sysenter\n");
}