- #include <linux/module.h>
- #include <linux/kernel.h>
- #include <asm/unistd.h>
- MODULE_LICENSE("GPL");
- // Address of sys_call_table = 0xc15b6020; this value was found in System.map, or a file whose name starts with System.map, under /boot.
- void ** sys_call_table = (void **)0xc15b6020; // NOTE(review): hard-coded; presumably valid only for the kernel build whose System.map it was read from - confirm
- int (*orig_open)(const char *path); // Function pointer that holds the table entry as it was before the hook; NOTE(review): declares only path, whereas open(2) also takes flags and mode
- int hack_open(const char * path) /* Replacement handler that begin() stores in sys_call_table[__NR_open].
-    It logs one line through printk and returns 0. It never calls orig_open, so, assuming the
-    table address is right, every open() made while the module is loaded gets 0 back and no
-    file is actually opened.
-    NOTE(review): if the goal is to restrict who may open files, the supported kernel
-    mechanisms are LSM hooks (file_open) or fanotify permission events rather than a patched
-    syscall table. */
- {
- printk("<0> this is in hack_open\n"); // "<0>" is part of the message text; presumably meant as the log-level prefix - confirm for the target kernel
- return 0; // unconditional: the path argument is never examined
- }
- unsigned int clear_cr0(void) /* Clear the WP bit in CR0 and return the value CR0 held beforehand.
-    The mask 0xfffeffff clears bit 16, the x86 Write Protect flag; while it is clear,
-    kernel-mode writes to read-only pages are not blocked by the CPU.
-    Uses 32-bit movl through EAX, so this is written for 32-bit x86.
-    NOTE(review): nothing in this function disables preemption or interrupts, and CR0 is a
-    per-CPU register, so the caller may be interrupted or moved to another CPU while WP is
-    off - confirm. */
- {
- unsigned int cr0 = 0;
- unsigned int ret;
- asm volatile("movl %%cr0, %%eax" // read CR0 into EAX
- :"=a"(cr0) // output operand: EAX -> cr0
- );
- ret = cr0; // keep the unmodified value so the caller can restore it
- cr0 &= 0xfffeffff; // drop bit 16 (WP), leave every other bit as read
- asm volatile("movl %%eax, %%cr0" // write the modified value back to CR0
- :
- :"a"(cr0) // input operand: cr0 -> EAX
- );
- return ret;
- }
- void setback_cr0(unsigned int val) /* Write val into CR0 unchanged. begin() and end() call it with the
-    value returned by clear_cr0(), which puts the WP bit back as it was before the table write. */
- {
- asm volatile("movl %%eax, %%cr0" // load CR0 from EAX
- :
- :"a"(val) // input operand: val -> EAX
- );
- }
- static int __init begin(void) /* Module init: replace the __NR_open entry of sys_call_table with hack_open.
-    Steps: save the current entry in orig_open, log it, clear CR0.WP, overwrite the entry,
-    restore CR0, log the entry again. Always returns 0.
-    NOTE(review): a syscall-table entry that points into module memory instead of kernel
-    text is the condition syscall-table integrity checks report. */
- {
- unsigned int cr0;
- orig_open = sys_call_table[__NR_open]; // save the original address of open
- printk("<0> sys_call_table[__NR_open] = %x\n", (unsigned int)sys_call_table[__NR_open]); // entry before the change; the cast to unsigned int assumes 32-bit pointers
- cr0 = clear_cr0(); // WP off; cr0 holds the previous CR0 value
- sys_call_table[__NR_open] = hack_open; // hijack: install the replacement handler
- setback_cr0(cr0); // put CR0 back to the saved value
-
- printk("<0> sys_call_table[__NR_open] = %x\n", (unsigned int)sys_call_table[__NR_open]); // entry after the change
-
- return 0;
- }
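- static void __exit end(void) /* Module exit: put the saved orig_open pointer back into sys_call_table[__NR_open].
-    CR0.WP is cleared only around the single table write and is restored straight after. */
- {
- unsigned int cr0 = clear_cr0(); // unsigned, matching clear_cr0()'s return type and setback_cr0()'s parameter
- sys_call_table[__NR_open] = orig_open; // restore the open system call
- setback_cr0(cr0); // put CR0 back to the saved value
- }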
- module_init(begin); // begin() runs when the module is loaded
- module_exit(end); // end() runs when the module is unloaded
贴上源代码,求大神指点。或者说,open 只对 root 和经过密码认证的用户开放权限?这要怎么实现呢?