
Linux SysCallTable Testing

I hope it is no problem that I write in English?

Hello,

alexander@osiris:~$ uname -a
Linux osiris 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux

I tried to change the sys_call_address to another location in memory.
The result was an OOPS!


sys_call_address is of course not exported, so I found it using:
grep sys_call_table /boot/System.map-2.6.31-14-generic
c0577150 R sys_call_table


My kernel prog looks like:
Code:
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/syscalls.h>
#include <asm/unistd.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("bli bla blu");

/* Address taken from /boot/System.map-2.6.31-14-generic (the symbol is not exported). */
static void **sys_call_table = (void **)0xc0577150;

/* sys_mkdir on 2.6.31 takes a pathname and a mode; the original declared only one argument. */
static asmlinkage long (*orig_mkdir)(const char __user *pathname, int mode);

static asmlinkage long hacked_mkdir(const char __user *pathname, int mode)
{
	return 0;
}

static int __init readlog_init(void)
{
	printk(KERN_INFO "addr: %p\n", sys_call_table);

	orig_mkdir = sys_call_table[__NR_mkdir];

	/* This store is readlog_init+0x2c in the Oops below: the table lives on a
	 * read-only page, so the write faults (Oops: 0003 = write to a present page). */
	sys_call_table[__NR_mkdir] = hacked_mkdir;

	printk(KERN_INFO "I am still here\n");

	return 0;
}

static void __exit readlog_exit(void)
{
	sys_call_table[__NR_mkdir] = orig_mkdir;
}

module_init(readlog_init);
module_exit(readlog_exit);

alexander@osiris:~/Desktop/Vorträge/kernel-exp/test$ sudo insmod test.ko
Killed

The result is something like:
dmesg

[67385.389666]
[67385.389669] addr: c0577150
[67385.389693] BUG: unable to handle kernel paging request at c05771ec
[67385.389701] IP: [<e078302c>] readlog_init+0x2c/0x46 [test]
[67385.389714] *pde = 1e22f063 *pte = 00577161
[67385.389723] Oops: 0003 [#3] SMP
[67385.389731] last sysfs file: /sys/devices/LNXSYSTM:00/device:00/PNP0C0A:00/power_supply/BAT0/voltage_now
[67385.389739] Modules linked in: test(+) test9(P+) test(+) arc4 lib80211_crypt_wep cbc aes_i586 aes_generic ecb binfmt_misc ppdev vboxnetflt vboxnetadp vboxdrv snd_hda_codec_realtek snd_hda_intel snd_hda_codec snd_hwdep snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi snd_seq_midi_event dm_crypt snd_seq snd_timer pcmcia snd_seq_device iptable_filter tifm_sd joydev ipw2200 yenta_socket tifm_7xx1 ip_tables snd psmouse libipw rsrc_nonstatic x_tables lib80211 soundcore serio_raw pcmcia_core tifm_core lp nvidia(P) sony_laptop snd_page_alloc parport ohci1394 ieee1394 e100 mii video output intel_agp agpgart
[67385.389851]
[67385.389859] Pid: 7944, comm: insmod Tainted: P D (2.6.31-14-generic #48-Ubuntu) VGN-FS115M
[67385.389867] EIP: 0060:[<e078302c>] EFLAGS: 00210296 CPU: 0
[67385.389875] EIP is at readlog_init+0x2c/0x46 [test]
[67385.389881] EAX: c0577150 EBX: fffffffc ECX: ffffffcc EDX: c01f29a0
[67385.389888] ESI: e0780340 EDI: 00000000 EBP: c3335f5c ESP: c3335f54
[67385.389894] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[67385.389902] Process insmod (pid: 7944, ti=c3334000 task=de188000 task.ti=c3334000)
[67385.389907] Stack:
[67385.389911] e0780044 c0577150 c3335f88 c010112c e0780340 c0750a50 fffffffc e0780340
[67385.389926] <0> 00347ff4 e0783000 fffffffc e0780340 00347ff4 c3335fac c0173751 c5110738
[67385.389942] <0> de188000 c5110700 00000004 09c57018 09c57018 00004000 c3334000 c010336c
[67385.389960] Call Trace:
[67385.389972] [<c010112c>] ? do_one_initcall+0x2c/0x190
[67385.389982] [<e0783000>] ? readlog_init+0x0/0x46 [test]
[67385.389994] [<c0173751>] ? sys_init_module+0xb1/0x1f0
[67385.390003] [<c010336c>] ? syscall_call+0x7/0xb
[67385.390008] Code: 89 e5 83 ec 08 a1 28 03 78 e0 c7 04 24 44 00 78 e0 89 44 24 04 e8 e9 b3 de df a1 28 03 78 e0 8b 90 9c 00 00 00 89 15 9c 04 78 e0 <c7> 80 9c 00 00 00 00 00 78 e0 c7 04 24 4f 00 78 e0 e8 c2 b3 de
[67385.390096] EIP: [<e078302c>] readlog_init+0x2c/0x46 [test] SS:ESP 0068:c3335f54
[67385.390108] CR2: 00000000c05771ec
[67385.390116] ---[ end trace 4c2f5142834c75aa ]---

Anybody any ideas? ;)
Thx for your help! :)
 
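Added example, not part of the original post: a small Oops triage script of the kind one would use when reviewing a crash like the one above (or an unexpected module load on a production box). It parses the System.map line and a subset of the dmesg lines quoted in the post (embedded below as constructed sample input, values copied from the post), decodes the x86 page-fault error code and the PTE flags, and checks whether the faulting address lands in a sys_call_table slot. The i386 syscall numbers and the 4-byte pointer size are assumptions matching the poster's i686 kernel.

```python
import re

# Constructed sample input: the System.map line and a subset of the dmesg
# lines quoted in the post above (all values as shown there).
SYSTEM_MAP = "c0577150 R sys_call_table\n"

OOPS = """\
[67385.389693] BUG: unable to handle kernel paging request at c05771ec
[67385.389701] IP: [<e078302c>] readlog_init+0x2c/0x46 [test]
[67385.389714] *pde = 1e22f063 *pte = 00577161
[67385.389723] Oops: 0003 [#3] SMP
[67385.390108] CR2: 00000000c05771ec
"""

# i386 syscall numbers (asm/unistd_32.h); only a few are listed here.
I386_SYSCALLS = {3: "read", 4: "write", 5: "open", 6: "close", 39: "mkdir", 40: "rmdir"}

# Pointer size on i686: each sys_call_table slot is 4 bytes.
PTR_SIZE = 4


def parse_system_map(text):
    """Map symbol name -> address for every 'addr type name' line of a System.map."""
    symbols = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            addr, _type, name = parts
            symbols[name] = int(addr, 16)
    return symbols


def parse_oops(text):
    """Pull the fault address, error code, IP symbol and PTE out of an Oops dump."""
    info = {}
    m = re.search(r"paging request at ([0-9a-f]+)", text)
    if m:
        info["fault_addr"] = int(m.group(1), 16)
    m = re.search(r"IP: \[<([0-9a-f]+)>\] (\S+)", text)
    if m:
        info["ip"] = int(m.group(1), 16)
        info["ip_symbol"] = m.group(2)
    m = re.search(r"Oops: ([0-9a-f]{4})", text)
    if m:
        info["error_code"] = int(m.group(1), 16)
    m = re.search(r"\*pte = ([0-9a-f]+)", text)
    if m:
        info["pte"] = int(m.group(1), 16)
    return info


def decode_fault_code(code):
    """x86 page-fault error code: bit0 = page was present (protection violation),
    bit1 = the access was a write, bit2 = the fault came from user mode."""
    return {"present": bool(code & 1), "write": bool(code & 2), "user": bool(code & 4)}


def decode_pte(pte):
    """x86 PTE low bits: bit0 = present, bit1 = writable (R/W), bit2 = user-accessible."""
    return {"present": bool(pte & 1), "writable": bool(pte & 2), "user": bool(pte & 4)}


def locate_in_syscall_table(fault_addr, table_addr, nr_entries=400):
    """Return (index, name) if fault_addr is a slot of sys_call_table, else None."""
    offset = fault_addr - table_addr
    if offset < 0 or offset % PTR_SIZE or offset // PTR_SIZE >= nr_entries:
        return None
    index = offset // PTR_SIZE
    return index, I386_SYSCALLS.get(index, "unknown")


def analyze(oops_text, system_map_text):
    """Combine the pieces into one diagnosis of the Oops."""
    info = parse_oops(oops_text)
    symbols = parse_system_map(system_map_text)
    fault = decode_fault_code(info["error_code"])
    pte = decode_pte(info["pte"])
    slot = locate_in_syscall_table(info["fault_addr"], symbols["sys_call_table"])
    return {
        "fault_addr": info["fault_addr"],
        "faulting_function": info["ip_symbol"],
        "write_to_present_page": fault["present"] and fault["write"],
        "page_writable": pte["writable"],
        "syscall_slot": slot,
    }


if __name__ == "__main__":
    result = analyze(OOPS, SYSTEM_MAP)
    print("fault address        :", hex(result["fault_addr"]))
    print("faulting function    :", result["faulting_function"])
    print("write to present page:", result["write_to_present_page"])
    print("page writable (PTE)  :", result["page_writable"])
    print("sys_call_table slot  :", result["syscall_slot"])
```

Run on the post's data, the script reports that CR2 (c05771ec) is sys_call_table + 39 * 4, i.e. the __NR_mkdir slot, that error code 0003 means a kernel-mode write to a page that is present, and that the PTE value 00577161 has its R/W bit clear. Together that is the diagnosis: the store at readlog_init+0x2c hit a read-only mapping, which is exactly the protection the kernel puts on the table. The same slot check, run over a live table rather than an Oops, is the basis of rootkit detectors that flag entries pointing into module address space instead of kernel text.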