挂钩系统调用 ubuntu

【问题标题】:Hooking system call ubuntu挂钩系统调用 ubuntu
【发布时间】:2019-11-02 15:11:43
【问题描述】:

想尝试hook系统调用open,写在Ubuntu 16.04 - 64bit - kernel version: 4.15.0-45-generic

我的代码如下:

#include <asm/unistd.h>
#include <asm/cacheflush.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/syscalls.h>
#include <asm/pgtable_types.h>
#include <linux/highmem.h>
#include <linux/fs.h>
#include <linux/sched.h>
#include <linux/moduleparam.h>
#include <linux/unistd.h>
#include <asm/cacheflush.h>
#define syscall __NR_open
MODULE_LICENSE("GPL");
MODULE_AUTHOR("LAMDUCANH _ CNTN");

/*MY sys_call_table address*/
//ffffffff81e001e0
void **system_call_table_addr;
/*my custom syscall that takes process name*/
asmlinkage int (*custom_syscall) (const char* path, int flag, mode_t mode);
/*hook*/
asmlinkage int hook(const char* path, int flag, mode_t mode) {
    printk(KERN_INFO "Pname Syscall:HOOK! HOOK! HOOK! HOOK!...ROOOFFIIOO!");
    printk(KERN_INFO "The process that opens the file is: %s\n", current->comm);
    printk(KERN_INFO "The file name: %s\n", path);
    return custom_syscall(path, flag, mode);
}

/*Make page writeable*/
int make_rw(unsigned long address){
    unsigned int level;
    pte_t *pte = lookup_address(address, &level);
    if(pte->pte &~_PAGE_RW){
        pte->pte |=_PAGE_RW;
    }
    return 0;
}
/* Make the page write protected */
int make_ro(unsigned long address){
    unsigned int level;
    pte_t *pte = lookup_address(address, &level);
    pte->pte = pte->pte &~_PAGE_RW;
    return 0;
}
static int __init entry_point(void){
    printk(KERN_INFO "Module load successfully");   
    system_call_table_addr = (void*)0xffffffff81e001e0; 
    printk(KERN_INFO "Address system call open = %p", (void*) system_call_table_addr[syscall]);   
    custom_syscall = system_call_table_addr[syscall];    
    make_rw((unsigned long)system_call_table_addr);    
    system_call_table_addr[syscall] = hook;
    return 0;
}
static void __exit exit_point(void){   
    printk(KERN_INFO "Module unload successfully"); 
    system_call_table_addr[syscall] = custom_syscall;    
    make_ro((unsigned long)system_call_table_addr);
    return;
}
module_init(entry_point);
module_exit(exit_point);

我通过这种方式找到我的地址系统调用表: sudo cat /boot/System.map-4.15.0-45-generic | grep sys_call anh地址系统调用表为ffffffff81e001e0

但是当我 insmod 内核对象时,我得到了这样的错误

BUG: unable to handle kernel paging request at ffffffff81e001f0

我该如何解决这个错误???非常感谢

【问题讨论】:

    标签: linux ubuntu hook system-calls


    【解决方案1】:

    我不确定这个错误是否与地址系统调用表有关,但你可以试试下面的代码:

    system_call_table_addr = (void*)kallsyms_lookup_name("sys_call_table");

    希望对你有所帮助。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-04-28
      • 2016-06-23
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode