diff -u procmon/procmon.c procmon.patched/procmon.c --- procmon/procmon.c Tue Dec 24 20:18:39 2002 +++ procmon.patched/procmon.c Wed Dec 25 20:45:37 2002 @@ -35,6 +35,7 @@ MODULE_LICENSE("GPL"); int (*system_execve) (struct pt_regs regs); +int (*system_chdir) (struct pt_regs regs); extern void *sys_call_table[]; @@ -176,7 +177,7 @@ return ; } - sprintf(data, "%li:%i:%i:%s%s", + sprintf(data, "execve %li:%i:%i:%s%s", (long)get_timestamp(), (int)current->uid, (int)current->pid, @@ -187,6 +188,42 @@ else wake_up_interruptible(&procmon_wait); } + + printk(KERN_INFO "execve uid(%i):pid(%i):%s%s\n", + (int)current->uid, + (int)current->pid, + processname, args); + +} + +void dolog_chdir(char *dirname) +{ + if(active) { + char *data; + + data = kmalloc(strlen(dirname) + 30, GFP_KERNEL); + if(!data) { + printk("Warning: directory name too long to log!!"); + return ; + } + + sprintf(data, "chdir %li:%i:%i:%s", + (long)get_timestamp(), + (int)current->uid, + (int)current->pid, + dirname); + + if( !queue_push(data) ) + kfree(data); + else + wake_up_interruptible(&procmon_wait); + } + + printk(KERN_INFO "chdir uid(%i):pid(%i):%s\n", + (int)current->uid, + (int)current->pid, + dirname); + } char *buildargstr(char **args) @@ -242,6 +279,42 @@ return error; } +asmlinkage int proc_log_chdir(struct pt_regs regs) +{ + int error; + struct nameidata nd; + char *name; + + MOD_INC_USE_COUNT; + + name = getname((char *) regs.ebx); + error = PTR_ERR(name); + if (IS_ERR(name)) + goto out; + + error = 0; + if (path_init(name,LOOKUP_POSITIVE|LOOKUP_FOLLOW|LOOKUP_DIRECTORY,&nd)) + error = path_walk(name, &nd); + putname(name); + if (error) + goto out; + + error = permission(nd.dentry->d_inode,MAY_EXEC); + if (error) + goto dput_and_out; + + dolog_chdir(name); + set_fs_pwd(current->fs, nd.mnt, nd.dentry); + +dput_and_out: + path_release(&nd); +out: + + MOD_DEC_USE_COUNT; + + return error; +} + static ssize_t read_procmon(struct file *flip, char *dest, size_t len, loff_t *off) { 
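Review bot: The execve format string grows by the seven-byte `"execve "` prefix, but the `data` buffer it is written into is allocated above this hunk with a size the diff does not touch; unless that allocation already had at least seven bytes of slack, `sprintf` now writes past the kmalloc'd block. Either grow the allocation in step with the format or keep the size in a local and bound the write, `snprintf(data, data_len, "execve %li:%i:%i:%s%s", ...)`. The enclosing function starts outside this hunk.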
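Review bot: In dolog_chdir the buffer is sized `strlen(dirname) + 30`, but the fixed part of `"chdir %li:%i:%i:%s"` is not bounded by 30: "chdir " plus a ten-digit timestamp, three separators, a five-digit uid, a five-digit pid and the NUL already take exactly 30, so a uid or pid with more digits — or a wider value from get_timestamp(), whose range is not visible here — makes `sprintf` overrun the kernel heap on a user-triggered path. Size from the worst-case field widths and bound the write: `size_t len = strlen(dirname) + 64;`, `data = kmalloc(len, GFP_KERNEL);`, `snprintf(data, len, "chdir %li:%i:%i:%s", ...)`. The failure message `"Warning: directory name too long to log!!"` describes an allocation failure as a length problem and has neither a log level nor a newline; `printk(KERN_WARNING "procmon: cannot allocate chdir log entry\n")` says what actually happened. The trailing `printk(KERN_INFO "chdir ...")` fires on every chdir even when `active` is false, which floods the kernel log under any chdir-heavy workload, so it belongs inside the `if(active)` block or behind a debug switch.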
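Review bot: `dolog_chdir(name)` is called after `putname(name)` has already returned the getname() buffer to the names cache, so on every successful chdir the logger runs strlen() and copies from freed kernel memory holding a user-controlled string — a use-after-free in a hook reachable by any unprivileged process. The kernel's sys_chdir, which this body copies, can drop the name right after path_walk only because it never reads it again; here the release has to move to the exit path so the name outlives the log call on the success path and is still freed on every error path. The rewrite below changes only where `putname` happens and the labels that route to it.

```c
asmlinkage int proc_log_chdir(struct pt_regs regs)
{
	/* … unchanged: MOD_INC_USE_COUNT, getname() and IS_ERR check … */
	error = 0;
	if (path_init(name,LOOKUP_POSITIVE|LOOKUP_FOLLOW|LOOKUP_DIRECTORY,&nd))
		error = path_walk(name, &nd);
	if (error)
		goto put_and_out;

	error = permission(nd.dentry->d_inode,MAY_EXEC);
	if (error)
		goto dput_and_out;

	/* name is still owned here; it is released on the way out below */
	dolog_chdir(name);
	set_fs_pwd(current->fs, nd.mnt, nd.dentry);

dput_and_out:
	path_release(&nd);
put_and_out:
	putname(name);
out:
	MOD_DEC_USE_COUNT;
	return error;
}
```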
@@ -344,6 +417,8 @@ system_execve = sys_call_table[__NR_execve]; sys_call_table[__NR_execve] = proc_log_execve; + system_chdir = sys_call_table[__NR_chdir]; + sys_call_table[__NR_chdir] = proc_log_chdir; return 0; } else @@ -356,8 +431,14 @@ printk("!!WARNING!! Another module has hooked the system excve function\n"); printk("original system function restored. System may be screwed.\n"); } + + if( sys_call_table[__NR_chdir] != proc_log_chdir ) { + printk("!!WARNING!! Another module has hooked the system chdir function\n"); + printk("original system function restored. System may be screwed.\n"); + } sys_call_table[__NR_execve] = system_execve; + sys_call_table[__NR_chdir] = system_chdir; if(current_log_entry) kfree(current_log_entry);
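Review bot: `system_chdir` is saved here but never called: `proc_log_chdir` in the earlier hunk re-implements the body of sys_chdir instead of wrapping the saved entry, so a chdir hook installed by an earlier module is silently bypassed while procmon is loaded, and the copied logic will drift from the kernel's own chdir as the kernel changes. The pointer is also declared in the first hunk as `int (*)(struct pt_regs)` while sys_chdir takes `(const char *)`, so if it were ever invoked through that type the call would work only because x86 pt_regs happens to begin with ebx. Declare it `asmlinkage long (*system_chdir)(const char *filename);`, have the hook call `error = system_chdir((const char *) regs.ebx);` and log only when it returns 0, obtaining the name for the log through its own getname()/putname() pair around the call. The hooking function starts outside this hunk.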
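Review bot: The store that restores `sys_call_table[__NR_chdir]` is not synchronised with tasks already dispatched into the hook: `proc_log_chdir` bumps the use count only after it has been entered (earlier hunk), so a task that loaded the table entry just before this store, or is between entry and MOD_INC_USE_COUNT, continues in module text that is about to be unmapped. This window exists for the execve hook already, but chdir is a far hotter system call, so this hunk widens it considerably; there is no clean fix for it in a 2.4 table-patching module and the risk should at least be stated in a comment above the restore. The two new warning printks also carry no log level, `printk(KERN_WARNING "!!WARNING!! Another module has hooked the system chdir function\n");`. The unload function starts outside this hunk.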