今天看了 Linux on-the-fly kernel patching without LKM，里面有段代码是从/dev/kmem中找sys_call_table的地址，但在我的机器上编译运行，提示 read kmem: bad address，我的内核是2.4.20-8，请指教，谢谢
[CODE/]
/*
sys_call_table in /usr/include/syscall.h
system_call in /usr/include/asm/unistd.h
*/
#define _GNU_SOURCE /* exposes memmem(3) from <string.h>; must precede every include */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
/* 定义IDTR寄存器结构 */
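/*
 * Image of the IDTR register as `sidt` stores it on a 32-bit x86 CPU (the
 * i386 2.4 kernel this program targets): a 16-bit limit followed by a 32-bit
 * linear base address, 6 bytes with no padding.
 *
 * The base must be a full 32 bits. The IDT lives at a kernel virtual address
 * (typically above 0xc0000000 on a 32-bit kernel), so a 16-bit field keeps
 * only the low half and `sidt` writes its last two bytes past the end of the
 * object. With a truncated base the offset handed to /dev/kmem points at an
 * unmapped low address, which the kernel rejects with EFAULT — the likely
 * origin of the "kmem read: Bad address" failure reported for this listing.
 */
struct {
    unsigned short limit; /* size of the IDT in bytes, minus one */
    unsigned int base;    /* linear address of gate 0 */
} __attribute__((packed)) idtr;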
/* 定义中断描述符结构 */
/*
 * One 8-byte gate descriptor of the 32-bit x86 IDT, laid out exactly as the
 * CPU reads it. The handler address is split in two halves, off1 (bits
 * 0..15) and off2 (bits 16..31), which main() reassembles. Field names and
 * order are part of the in-memory layout and are referenced from main(), so
 * they are fixed.
 */
struct {
    unsigned short off1;  /* handler offset, low 16 bits */
    unsigned short sel;   /* code segment selector */
    unsigned char  none;  /* reserved byte */
    unsigned char  flags; /* present bit, DPL and gate type */
    unsigned short off2;  /* handler offset, high 16 bits */
} __attribute__((packed)) idt;
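int kmem; /* descriptor for /dev/kmem: opened by main(), used by readkmem() */

/*
 * Read sz bytes at offset off of the `kmem` descriptor into the buffer m.
 *
 * Offsets are kernel virtual addresses, which is why off is unsigned: the
 * value is passed to lseek() and compared back exactly as the original code
 * did, so behaviour on the 32-bit 2.4 target is unchanged. Short reads are
 * retried until sz bytes have arrived. A negative sz, a failed lseek(), a
 * read() error, or end of file before sz bytes is fatal: the cause is
 * printed and the process exits with status 2, so on return m is always
 * completely filled.
 */
void readkmem(void *m, unsigned off, int sz)
{
    unsigned char *dst = m;
    int done = 0;

    if (sz < 0) {
        fprintf(stderr, "kmem read: invalid size %d\n", sz);
        exit(2);
    }
    if (lseek(kmem, off, SEEK_SET) != off) {
        perror("kmem lseek");
        exit(2);
    }
    while (done < sz) {
        ssize_t got = read(kmem, dst + done, (size_t)(sz - done));
        if (got < 0) {
            if (errno == EINTR) {
                continue; /* interrupted before any data arrived: retry */
            }
            perror("kmem read");
            exit(2);
        }
        if (got == 0) {
            /* No more data: report the short read instead of spinning. */
            fprintf(stderr, "kmem read: short read, %d of %d bytes\n", done, sz);
            exit(2);
        }
        done += (int)got;
    }
}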
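enum { CALLOFF = 100 }; /* bytes of system_call scanned for the dispatch call */

/*
 * Locate sys_call_table on a 32-bit 2.4 kernel by reading kernel memory
 * through /dev/kmem (requires root):
 *   1. `sidt` yields the IDT base;
 *   2. gate 0x80 of the IDT holds the address of system_call;
 *   3. the first CALLOFF bytes of system_call contain the dispatch
 *      `call *sys_call_table(,%eax,4)`, encoded ff 14 85 <imm32>, and the
 *      32-bit immediate is the table's address.
 * Returns 0 on success, 1 if /dev/kmem cannot be opened and 3 if the call
 * pattern is not found; readkmem() exits with status 2 on a read failure.
 */
int main(void)
{
    /* The opcode bytes are a byte array rather than a "\xff..." string so
     * that nothing can strip the escapes: a literal "xffx14x85" searches for
     * the text "xff", never matches, and the code then dereferenced NULL. */
    static const unsigned char call_pat[3] = { 0xff, 0x14, 0x85 };
    unsigned sys_call_off;
    unsigned sct;
    char sc_asm[CALLOFF], *p;

    __asm__("sidt %0" : "=m"(idtr)); /* store the IDTR register into idtr */
    printf("idtr base at 0x%x\n", (unsigned)idtr.base);

    kmem = open("/dev/kmem", O_RDONLY);
    if (kmem < 0) {
        perror("open /dev/kmem");
        return 1;
    }

    /* Gate 0x80 (int $0x80) is the 0x80th 8-byte descriptor after the base. */
    readkmem(&idt, idtr.base + 8 * 0x80, sizeof(idt));
    /* Widen before shifting: off2 promotes to int, and shifting a value with
     * bit 15 set into bit 31 of an int is undefined behaviour. */
    sys_call_off = ((unsigned)idt.off2 << 16) | idt.off1; /* address of system_call */
    printf("idt80:flags=%x sel=%x off=%x\n", (unsigned)idt.flags, (unsigned)idt.sel, sys_call_off);

    readkmem(sc_asm, sys_call_off, CALLOFF); /* first CALLOFF bytes of system_call */
    p = memmem(sc_asm, CALLOFF, call_pat, sizeof call_pat);
    /* Validate the match before touching p+3, and make sure the 4-byte
     * immediate that follows the opcode lies inside the buffer. */
    if (p == NULL || (p - sc_asm) + 3 + (int)sizeof sct > CALLOFF) {
        fprintf(stderr, "call dispatch pattern not found in first %d bytes of system_call\n", CALLOFF);
        close(kmem);
        return 3;
    }
    memcpy(&sct, p + 3, sizeof sct); /* immediate is unaligned: copy, don't cast */
    /* Report the kernel address of the call, not the user-space address of
     * the copy in sc_asm, which the original printed. */
    printf("sys_call_table at 0x%x,call dispatch at 0x%x\n",
           sct, sys_call_off + (unsigned)(p - sc_asm));
    close(kmem);
    return 0;
}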
[/CODE] |