截获系统调用编译出错，求助！！

vfvf

Linux内核2.4.20-8

   程序如下：
#define MODULE
#define __KERNEL__

#include "linux/module.h"
#include "linux/kernel.h"

#include "linux/proc_fs.h"
#include "asm/unistd.h"

MODULE_LICENSE("GPL";

unsigned long errno;

static inline _syscall3(int,write,int,fd,const char *,buf,off_t,count);
static inline _syscall3(int,read,int,fd,char*,buf,off_t,count);
static inline _syscall3(off_t,lseek,int,fd,off_t,offset,int,count);
static inline _syscall3(int,open,const char *,file,int,flag,int,mode);
static inline _syscall1(int,close,int,fd);

struct{
unsigned short limit;
unsigned int base;
}__attribute__((packed))idtr;
struct{
unsigned short off1;
unsigned short sel;
unsigned char none,flags;
unsigned short off2;
}__attribute__((packed))idt;
int kmem;
void readkmem(void *m,unsigned off,int sz)
{
unsigned long old_fs_value=get_fs();
set_fs(get_ds());
if(lseek(kmem,off,0)!=off){
printk("kmem lseek error in read\n";return;
}
if(read(kmem,m,sz)!=sz){
printk("kmem read error!\n";return;
}
set_fs(old_fs_value);
}

#define CALLOFF 100

unsigned getscTable()
{
unsigned sct;
unsigned sys_call_off;
char sc_asm[CALLOFF],*p;

asm("sidt%0":"=m"(idtr));
unsigned long old_fs_value=get_fs();
const char *filename="/dev/kmem";
set_fs(get_ds());

kmem=open(filename,O_RDONLY,0640);
if(kmem<0)
{
printk("open error!";
}
set_fs(old_fs_value);

readkmem(&idt,idtr.base+8*0x80,sizeof(idt));
sys_call_off=(idt.off2<<16)|idt.off1;

readkmem(sc_asm,sys_call_off,CALLOFF);
p=(char*)memmem(sc_asm,CALLOFF,"\xff\x14\x85",3);
sct=*(unsigned*)(p+3);
close(kmem);
return sct;
}

static unsigned SYS_CALL_TABLE_ADDR;
void **sys_call_table;
static int count=1;
int (*old_write)(int,char *,int);
int new_write(int fd,char *buffer,int count)

{
printk("<0>;This is the write system call!\n";
return (*old_write)(fd,buffer,count);
}

int init_module()
{
SYS_CALL_TABLE_ADDR=getscTable();
sys_call_table=(void **)SYS_CALL_TABLE_ADDR;

printk("<0>;Ready to run in kernel mod!\n";
old_write=sys_call_table[__NR_write];
sys_call_table[__NR_write]=new_write;
printk("<0>;Running---\n";
return 0;
}

int cleanup_module()
{
printk("<0>;It shut down in kernel---\n";
sys_call_table[__NR_write]=old_write;
return 0;
}



编译结果:
[root@localhost root]# gcc -c test.c -I/usr/src/linux-2.4.20-8/include
/tmp/cc47riwm.s: Assembler messages:
/tmp/cc47riwm.s:84: Error: no such instruction: `sidtidtr'


为什么出现这种错误？求助！先谢了。

jobman

这个

1. asm("sidt%0":"=m"(idtr));

复制代码

应该是：

1. asm("sidt  %0" : "=m" (idtr) );

复制代码

唉，自从 sys_call_table 不export 以后，不知道哪个家伙从 phrack 抄回这一段，却歪嘴和尚念错经，在内核模块中去读 kmem ,亏他想的出来。本来不想管了，不过还是不忍心，贴上一段，有心的自己看了：

1. long * sys_call_table=0;
   
2. static int find_sct_addr( )
   
3. {
   
4.         unsigned sys_call_off;
   
5.         unsigned sct;
   
6.         char sc_asm[100],*p;
   
7. 
   
8.         asm( "sidt %0" : "=m" (idtr) );
   
9.         memcpy( &idt, (void*)idtr.base + 8 * 0x80, sizeof(idt) );
   
10.         sys_call_off = (idt.off2 << 16) | idt.off1;
    
11.         printk( "the idt:0x80: flags=%X sel=%X off=%X\n",
    
12.                 (unsigned)idt.flags,(unsigned)idt.sel,sys_call_off);
    
13. 
    
14.         memcpy( sc_asm, (void*)sys_call_off, 100 );
    
15.         for( sct = 0, p = sc_asm; sct < 100 - 3; sct ++, p ++ )
    
16.         {
    
17.                 if( !memcmp( p, "\xff\x14\x85", 3 ) )
    
18.                 {
    
19.                         sct = *(unsigned*)( p + 3 );
    
20.                         printk( "SCT at 0x%X, dispatch at 0x%X\n",
    
21.                                 (unsigned)sct, (unsigned)p);
    
22.                         sys_call_table = (long*)sct;
    
23.                         return 1;
    
24.                 }
    
25.         }
    
26.         return 0;
    
27. }

复制代码