#include
#include
#include
#include
#include
#include
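/*
 * Module metadata.  MODULE_AUTHOR takes a string literal; the address is
 * quoted here so the macro argument is valid C.
 *
 * The description string mentions capturing system calls, but the code in
 * this file only replaces one handler (readdir) in a file_operations table;
 * it does not touch the system-call table.
 */
MODULE_AUTHOR("petsatan@sohu.com");
MODULE_DESCRIPTION("By the VFS filesystem, this module can capture system calls.");
MODULE_LICENSE("GPL");

/* Path that is opened to reach the file_operations table being modified. */
char *root_fs="/";

/* Signature of the readdir handler as this file uses it. */
typedef int (*readdir_t)(struct file *,void *,filldir_t);

/*
 * Handler that was installed before patch_vfs() replaced it.  It stays NULL
 * until a patch succeeds; myreaddir() forwards to it and patch_cleanup()
 * passes it to unpatch_vfs() to restore it.
 */
readdir_t orig_root_readdir=NULL;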
/*
 * Replacement readdir handler installed by patch_vfs().
 *
 * Writes one line to the kernel log, then forwards the call with its
 * arguments unchanged to the handler saved in orig_root_readdir and hands
 * that handler's return value back to the caller.  The directory stream is
 * not filtered or modified here.
 *
 * NOTE(review): from a detection point of view this is the interesting
 * property of the file: a readdir pointer that leads into loadable-module
 * memory instead of the filesystem's own code.  The log line above is a
 * second, much noisier indicator.
 */
int myreaddir(struct file *fp,void *buf,filldir_t filldir)
{
	printk("You got me partner!\n");
	return orig_root_readdir(fp, buf, filldir);
}
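/*
 * Replace the readdir handler reached through the file at path p.
 *
 * p            path to open read-only in order to reach its f_op table
 * orig_readdir if non-NULL, receives the handler that was installed before
 * new_readdir  handler to install
 *
 * Returns 0 when the handler was replaced, -1 otherwise (bad argument, the
 * path could not be opened, the file has no readdir handler, or new_readdir
 * is already installed).
 *
 * The write goes through filep->f_op, i.e. it changes the table the file
 * points at, not a private copy, and the change outlives filp_close().
 * NOTE(review): presumably that table is shared by every directory of the
 * same filesystem type - confirm against the target kernel.
 * NOTE(review): the page reports testing on 2.4.20-8 only.  Later kernels
 * declare f_op const and, from 3.11 on, no longer have a readdir member, so
 * this is not expected to build there - confirm before relying on it.
 */
int patch_vfs(const char *p,readdir_t *orig_readdir,readdir_t new_readdir)
{
	struct file *filep;
	int rc = -1;

	if (!p || !new_readdir)
		return -1;

	filep = filp_open(p, O_RDONLY, 0);
	if (IS_ERR(filep))
		return -1;

	/*
	 * Refuse to touch a table without a readdir handler: the saved
	 * "original" would be NULL and the first forwarded call would oops.
	 * Refuse a second installation too, otherwise the replacement would
	 * be saved as its own original and recurse forever.
	 */
	if (filep->f_op && filep->f_op->readdir &&
	    filep->f_op->readdir != new_readdir) {
		if (orig_readdir)
			*orig_readdir = filep->f_op->readdir;
		filep->f_op->readdir = new_readdir;
		rc = 0;
	}

	filp_close(filep, 0);
	return rc;
}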
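/*
 * Put orig_readdir back as the readdir handler reached through path p.
 *
 * Returns 0 when the handler was restored, -1 otherwise (bad argument, the
 * path could not be opened, or the file has no f_op table).
 *
 * A NULL orig_readdir is rejected: writing NULL into the table would leave
 * the filesystem without any readdir handler at all, which is worse than
 * leaving the table untouched.
 */
int unpatch_vfs(const char *p,readdir_t orig_readdir)
{
	struct file *filep;
	int rc = -1;

	if (!p || !orig_readdir)
		return -1;

	filep = filp_open(p, O_RDONLY, 0);
	if (IS_ERR(filep))
		return -1;

	if (filep->f_op) {
		filep->f_op->readdir = orig_readdir;
		rc = 0;
	}

	filp_close(filep, 0);
	return rc;
}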
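/*
 * Module entry point: install myreaddir on the table reached through
 * root_fs and remember the previous handler in orig_root_readdir.
 *
 * Returns 0 on success.  If patch_vfs() fails the load is refused (-1)
 * instead of reporting success: otherwise the module would stay loaded with
 * orig_root_readdir still NULL, and unloading it would write that NULL into
 * the live table.
 */
static int patch_init(void)
{
	if (patch_vfs(root_fs, &orig_root_readdir, myreaddir) != 0) {
		printk("VFS patch failed!\n");
		return -1;
	}

	printk("VFS is patched!\n");
	return 0;
}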
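/*
 * Module exit point: restore the handler saved in orig_root_readdir.
 *
 * Nothing is written when no original handler was ever saved, and a failed
 * restore is logged instead of being reported as success.
 *
 * NOTE(review): a failed restore leaves the table pointing at myreaddir
 * while this module's code is about to be freed, so the next directory
 * read would jump into unmapped memory.  Nothing here waits for callers
 * that are already inside myreaddir either.  Both look like crash risks on
 * unload - confirm on the target kernel.
 */
static void patch_cleanup(void)
{
	if (!orig_root_readdir)
		return;

	if (unpatch_vfs(root_fs, orig_root_readdir) != 0) {
		printk("VFS unpatch failed!\n");
		return;
	}

	printk("VFS is unpatched!\n");
}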
/*
 * Register the entry points: patch_init runs when the module is loaded,
 * patch_cleanup when it is removed.
 */
module_init(patch_init);
module_exit(patch_cleanup);
在2.4.20-8下测试通过.
此程序参考了rootkit adore-ng.
adore-ng在 http://blog.csdn.net/petsatan/ 上有下载.