Commit c0f2aed2 authored by Tyler Nichols's avatar Tyler Nichols

Began adding in functionality for scanning the /boot/System.map-<version> file for sys_call_table.

parent feb2c17e
......@@ -14,6 +14,115 @@
#define BOOT_PATH "/boot/System.map-"
#define MAX_VERSION_LEN 256
unsigned long long *syscall_table = NULL;
static int find_sys_call_table (char *kern_ver)
{
char buf[MAX_VERSION_LEN];
int i = 0;
char *filename;
char *p;
struct file *f = NULL;
mm_segment_t oldfs;
oldfs = get_fs();
set_fs (KERNEL_DS);
filename = kmalloc(strlen(kern_ver)+strlen(BOOT_PATH)+1, GFP_KERNEL);
if ( filename == NULL ) {
return -1;
}
memset(filename, 0, strlen(BOOT_PATH)+strlen(kern_ver)+1);
strncpy(filename, BOOT_PATH, strlen(BOOT_PATH));
strncat(filename, kern_ver, strlen(kern_ver));
printk(KERN_ALERT "\nPath %s\n", filename);
f = filp_open(filename, O_RDONLY, 0);
if ( IS_ERR(f) || ( f == NULL )) {
return -1;
}
memset(buf, 0x0, MAX_VERSION_LEN);
p = buf;
while (vfs_read(f, p+i, 1, &f->f_pos) == 1) {
if ( p[i] == '\n' || i == 255 ) {
i = 0;
if ( (strstr(p, "sys_call_table")) != NULL ) {
char *sys_string;
sys_string = kmalloc(MAX_VERSION_LEN, GFP_KERNEL);
if ( sys_string == NULL ) {
filp_close(f, 0);
set_fs(oldfs);
kfree(filename);
return -1;
}
memset(sys_string, 0, MAX_VERSION_LEN);
strncpy(sys_string, strsep(&p, " "), MAX_VERSION_LEN);
//syscall_table = (unsigned long long *) kstrtoll(sys_string, NULL, 16);
syscall_table = kmalloc(sizeof(unsigned long long), GFP_KERNEL);
kstrtoull(sys_string, 16, syscall_table);
kfree(sys_string);
break;
}
memset(buf, 0x0, MAX_VERSION_LEN);
continue;
}
i++;
}
filp_close(f, 0);
set_fs(oldfs);
kfree(filename);
return 0;
}
char *acquire_kernel_version (void) {
struct file *proc_version;
char *full_kernel_version, *parsed_version;
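Review bot: The two early returns after `set_fs (KERNEL_DS);` — at `if ( filename == NULL )` and at `if ( IS_ERR(f) || ( f == NULL ))` — exit without `set_fs(oldfs)`, and the second also leaks `filename`; leaving KERNEL_DS in force past this function disables the user/kernel address check for later copies in the same context, so the error paths need the same cleanup the success path does. The return of `kstrtoull()` and the `kmalloc` for `syscall_table` at `syscall_table = kmalloc(sizeof(unsigned long long), GFP_KERNEL);` are both unchecked, so a malformed token or a failed allocation leaves the result uninitialised or dereferences NULL. The `i == 255` branch also fills all MAX_VERSION_LEN bytes of `buf` with no terminating NUL before `strstr()`, so the bound should be `i == MAX_VERSION_LEN - 2`. A goto-based cleanup keeps the three exits consistent, as sketched below.
```c
static int find_sys_call_table (char *kern_ver)
{
	int ret = -1;
	/* … unchanged: locals, oldfs = get_fs(); set_fs (KERNEL_DS); … */
	filename = kmalloc(strlen(kern_ver)+strlen(BOOT_PATH)+1, GFP_KERNEL);
	if ( filename == NULL ) {
		goto out_fs;
	}
	/* … unchanged: build path, printk … */
	f = filp_open(filename, O_RDONLY, 0);
	if ( IS_ERR(f) || ( f == NULL )) {
		goto out_name;
	}
	/* … unchanged: read loop; the `sys_string == NULL` branch becomes `goto out_close;` … */
	ret = 0;
out_close:
	filp_close(f, 0);
out_name:
	kfree(filename);
out_fs:
	set_fs(oldfs);
	return ret;
}
```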
......@@ -92,6 +201,10 @@ static int __init onload(void) {
printk(KERN_WARNING "Hello world!\n");
printk(KERN_EMERG "Version: %s\n", acquire_kernel_version());
find_sys_call_table(acquire_kernel_version());
printk(KERN_EMERG "Syscall table address: %llx\n", *syscall_table);
// write_cr0 (read_cr0 () & (~ 0x10000));
// original_write = (void *)syscall_table[__NR_write];
// syscall_table[__NR_write] = &new_write;
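Review bot: `*syscall_table` on the `printk(KERN_EMERG "Syscall table address: %llx\n", *syscall_table);` line is dereferenced without checking it; `syscall_table` is assigned only inside the match branch of find_sys_call_table(), which returns 0 even when no line matched, so a missing or unmatched System.map file makes this a NULL dereference during module init. Check the pointer, not just the return value: `if (find_sys_call_table(ver) < 0 || syscall_table == NULL) return -ENOENT;`. `acquire_kernel_version()` is also called twice in a row; if it returns an allocated buffer (its body is outside this hunk, so this is inferred), the first result is never freed, and capturing it once into `ver` avoids that. onload() begins and ends outside the hunk.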