Merge pull request #244 from keytouch/fix_syscall
Fix compilation due to syscall module name conflict
jserv authored Dec 22, 2023
2 parents 3490cd7 + f2ad878 commit 7f94878
Showing 3 changed files with 14 additions and 14 deletions.
2 changes: 1 addition & 1 deletion examples/Makefile
@@ -16,7 +16,7 @@ obj-m += print_string.o
obj-m += kbleds.o
obj-m += sched.o
obj-m += chardev2.o
obj-m += syscall.o
obj-m += syscall_steal.o
obj-m += intrpt.o
obj-m += cryptosha256.o
obj-m += cryptosk.o
24 changes: 12 additions & 12 deletions examples/syscall.c → examples/syscall_steal.c
@@ -1,5 +1,5 @@
/*
* syscall.c
* syscall_steal.c
*
* System call "stealing" sample.
*
@@ -61,7 +61,7 @@ module_param(sym, ulong, 0644);

#endif /* Version < v5.7 */

static unsigned long **sys_call_table;
static unsigned long **sys_call_table_stolen;

/* UID we want to spy on - will be filled from the command line. */
static uid_t uid = -1;
@@ -206,18 +206,18 @@ static void disable_write_protection(void)
__write_cr0(cr0);
}

static int __init syscall_start(void)
static int __init syscall_steal_start(void)
{
if (!(sys_call_table = acquire_sys_call_table()))
if (!(sys_call_table_stolen = acquire_sys_call_table()))
return -1;

disable_write_protection();

/* keep track of the original open function */
original_call = (void *)sys_call_table[__NR_openat];
original_call = (void *)sys_call_table_stolen[__NR_openat];

/* use our openat function instead */
sys_call_table[__NR_openat] = (unsigned long *)our_sys_openat;
sys_call_table_stolen[__NR_openat] = (unsigned long *)our_sys_openat;

enable_write_protection();

@@ -226,27 +226,27 @@ static int __init syscall_start(void)
return 0;
}

static void __exit syscall_end(void)
static void __exit syscall_steal_end(void)
{
if (!sys_call_table)
if (!sys_call_table_stolen)
return;

/* Return the system call back to normal */
if (sys_call_table[__NR_openat] != (unsigned long *)our_sys_openat) {
if (sys_call_table_stolen[__NR_openat] != (unsigned long *)our_sys_openat) {
pr_alert("Somebody else also played with the ");
pr_alert("open system call\n");
pr_alert("The system may be left in ");
pr_alert("an unstable state.\n");
}

disable_write_protection();
sys_call_table[__NR_openat] = (unsigned long *)original_call;
sys_call_table_stolen[__NR_openat] = (unsigned long *)original_call;
enable_write_protection();

msleep(2000);
}

module_init(syscall_start);
module_exit(syscall_end);
module_init(syscall_steal_start);
module_exit(syscall_steal_end);

MODULE_LICENSE("GPL");
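Review bot: In syscall_steal_start the failure path still does `return -1;` when acquire_sys_call_table() yields NULL, and a module init return value reaches user space as an errno, so insmod reports EPERM ("Operation not permitted") for what is really a failed table lookup. A descriptive code such as `return -ENOENT;` would make that case diagnosable; acquire_sys_call_table() is defined outside the visible hunks, so the best code depends on how it fails. The renamed `sys_call_table_stolen` would also benefit from a one-line comment such as `/* Address of the kernel's live syscall table, not a copy. */`, because "stolen" reads as if the table had been duplicated, while the stores in syscall_steal_start and syscall_steal_end write to the kernel's own table.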
2 changes: 1 addition & 1 deletion lkmpg.tex
@@ -1491,7 +1491,7 @@ \section{System Calls}
ffffffff82000280 R x32_sys_call_table
ffffffff820013a0 R sys_call_table
ffffffff820023e0 R ia32_sys_call_table
$ sudo insmod syscall.ko sym=0xffffffff820013a0
$ sudo insmod syscall_steal.ko sym=0xffffffff820013a0
\end{verbatim}

Using the address from \verb|/boot/System.map|, be careful about \verb|KASLR| (Kernel Address Space Layout Randomization).