2008-03-18 14:05:01
(gdb) disas syscall_call Dump of assembler code for function syscall_call: 0xc0102e0a 0xc0102e11 End of assembler dump. (gdb) x/8x 0xc0102e0a 0xc0102e0a 0xc0102e1a |
/*
 * Copyright (c) 2006 xiaosuo
 *
 * Copyright (c) 2003 Dallachiesa Michele
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification are permitted.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *
 * DESCRIPTION
 *
 * redhat kernels don't export the sys_call_table symbol anymore.. this
 * is a workaround that lets you use your old LKMs without fixing them.
 *
 * In fact, the kernel (>= 2.4.18) doesn't export the sys_call_table symbol
 * anymore...
 *
 * USAGE
 *
 * Build this as a kernel module and load it.
 *
 * + greetz: (#phrack.it|antifork.org) guys
 * + sys_call_table[] address lookup code from phrack 58 #0x07 by sd
 *
 * NOTE(review): re-exporting the table hands every module loaded afterwards
 * the address of the syscall dispatch array, which is precisely the surface
 * the kernel stopped exporting. Loading this is equivalent to fully trusting
 * every later module.
 */
#ifndef MODULE
#define MODULE
#endif
#ifndef __KERNEL__
#define __KERNEL__
#endif
#include /* header name lost in page extraction */
#ifdef USE_SYMBOL_NAME
#include /* header name lost in page extraction */
#endif
#include /* header name lost in page extraction */

/* Number of bytes, starting at the int 0x80 handler, that findoffset() scans. */
#define CALLOFF 100

/*
 * Exported as a plain variable, not as the table itself. init_module()
 * later rewrites this module's own export entry (see set_symbol_value())
 * so that the symbol's recorded value becomes the address found in the
 * handler code rather than the address of this variable.
 */
unsigned long sys_call_table = 0;
EXPORT_SYMBOL(sys_call_table);

/*
 * Destination of the sidt instruction in init_module(): the IDT limit and
 * its 32-bit linear base. Field widths match the i386 (32-bit) format.
 */
struct {
    unsigned short limit;
    unsigned int base;
} __attribute__ ((packed)) idtr;

/*
 * One 8-byte i386 IDT gate descriptor. The handler address is split across
 * offset_low and offset_high; the remaining fields are not read here.
 */
struct {
    unsigned short offset_low;
    unsigned short sel;
    unsigned char none, flags;
    unsigned short offset_high;
} __attribute__ ((packed)) * idt;

/*
 * The /proc/kallsyms is not updated.
 *
 * Rewrite the value recorded for one of this module's own exported symbols
 * (THIS_MODULE->syms). With USE_SYMBOL_NAME the entry is selected by name
 * ("sys_call_table"); otherwise by its current value, old_value.
 *
 * @old_value: current value of the export entry to replace (name-based
 *             build ignores it)
 * @value:     new value to record
 * @return:    0 when an entry was rewritten, -1 when none matched
 */
int set_symbol_value(unsigned long old_value, unsigned long value)
{
    struct kernel_symbol *ksyms;
    int i;

    /* Cast drops whatever qualifiers the kernel declares on ->syms. */
    ksyms = (struct kernel_symbol*)(THIS_MODULE->syms);
    for(i = 0; i < THIS_MODULE->num_syms; i ++){
#ifdef USE_SYMBOL_NAME
        if(strcmp(ksyms[i].name, "sys_call_table") == 0){
#else
        if(ksyms[i].value == old_value){
#endif
            ksyms[i].value = value;
            return 0;
        }
    }
    return -1;
}

/*
 * Scan at most CALLOFF bytes from start for the byte sequence ff 14 85,
 * the opcode of an i386 indirect `call *disp32(,%eax,4)`; the 32-bit
 * displacement that follows those three bytes is read by the caller.
 *
 * @start:  first byte to examine (the int 0x80 handler in init_module())
 * @return: pointer to the first matching byte, or NULL if none within
 *          CALLOFF bytes
 *
 * No check is made that start + CALLOFF is still mapped code.
 */
char* findoffset(char *start)
{
    char *p;

    for (p = start; p < start + CALLOFF; p++)
        if (*(p + 0) == '\xff' && *(p + 1) == '\x14' && *(p + 2) == '\x85')
            return p;
    return NULL;
}

/*
 * Module entry point. Reads the IDT base with sidt, takes gate 0x80
 * (8 bytes per entry), rebuilds the handler address from the split offset
 * fields, locates the table-indexed call inside the handler and stores
 * its displacement as the exported value of sys_call_table.
 *
 * @return: 0 on success; -1 if the call pattern or the export entry was
 *          not found, in which case module loading fails
 */
int init_module(void)
{
    unsigned sys_call_off;
    char *p;

    __asm__("sidt %0":"=m"(idtr));
    idt = (void *) (idtr.base + 8 * 0x80);
    sys_call_off = (idt->offset_high << 16) | idt->offset_low;
    if ((p = findoffset((char *) sys_call_off))) {
        /* p+3 is the 32-bit displacement of the matched call instruction. */
        return set_symbol_value((unsigned long)&sys_call_table, *((unsigned long*)(p+3)));
    }
    return -1;
}

/*
 * Nothing to undo: the only state changed at load time is this module's
 * own export entry, which goes away with the module.
 */
void cleanup_module(void)
{
}
/*
 * This method was first found in dazuko 2.0.6.
 *
 * Alternative lookup that needs no IDT access: walk kernel data from
 * &loops_per_jiffy up to (not including) &boot_cpu_data in pointer-sized
 * steps and return the first location whose word at index 6 equals the
 * address of sys_close (6 is __NR_close on i386).
 *
 * @return: candidate address of the syscall table, or NULL if the pattern
 *          was not found
 *
 * Assumes loops_per_jiffy is laid out below boot_cpu_data; if it is not,
 * the loop body never runs and NULL is returned. Each probe reads p[6],
 * i.e. up to six words past the scan's end bound.
 */
static void** dazuko_get_sct(void)
{
    unsigned long ptr;
    extern int loops_per_jiffy;
    unsigned long *p;

    for(ptr=(unsigned long)&loops_per_jiffy; ptr<(unsigned long)&boot_cpu_data; ptr+=sizeof(void *)){
        p = (unsigned long *)ptr;
        if (p[6] == (unsigned long)sys_close){
            return (void **)p;
        }
    }
    return NULL;
}