系统调用
时间:2006-08-31 来源:romalql
code:
/*
 * Kernel-module demonstration of system-call interception (2006-era 2.6 code,
 * i386 table layout).  It locates the unexported sys_call_table by scanning
 * memory, overwrites four entries with logging wrappers, and puts the
 * originals back when the module is unloaded.
 *
 * Review notes: this is the same mechanism kernel-mode rootkits use, so the
 * code is worth reading as a detection exercise.  Nothing here is locked or
 * synchronised, the table search dereferences raw memory on a heuristic, and
 * the hard-coded indices only match one architecture.  Later kernels stop
 * exporting the table and map it read-only, so the writes below would fault
 * there; on kernels where they succeed, comparing the live table against the
 * kernel's own symbol information (kallsyms / System.map) exposes the swap.
 */
#if CONFIG_MODVERSIONS==1
#define MODVERSIONS
#include <linux/modversions.h>
#endif
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/fs.h>
#include <asm/unistd.h>
#include <asm/ptrace.h>
#include <linux/syscalls.h>

/* Table indices, written as literals.  They appear to be the i386 numbers,
 * which makes the module non-portable; <asm/unistd.h> is already included
 * and supplies the __NR_* constants for whatever the target actually is. */
#define SYS_FORK 2
#define SYS_OPEN 5
#define SYS_UNLINK 10
#define SYS_MKDIR 39

MODULE_LICENSE("GPL");

typedef void* symbol_addr_t;
/* How this module views one sys_call_table slot. */
typedef unsigned long syscall_handler_t(struct pt_regs);

/* Set by init_module() once the table has been found; NULL until then. */
static syscall_handler_t** vpd_sys_call_table = NULL;

/* Saved original entry points: written by init_module(), read by the
 * wrappers on every call and by cleanup_module() to restore the table. */
asmlinkage int (*orig_fork)(struct pt_regs regs),
               (*orig_open)(const char __user *path, int flags, int mode),
               (*orig_unlink)(const char __user *path),
               (*orig_mkdir)(const char __user *path, int mode);

/* Wrapper prototypes.  NOTE(review): the definitions further down omit the
 * __user annotation on path, so sparse would flag an address-space mismatch
 * between declaration and definition. */
asmlinkage int vpd_fork(struct pt_regs regs),
               vpd_open(const char __user *path, int flags, int mode),
               vpd_unlink(const char __user *path),
               vpd_mkdir(const char __user *path, int mode);

/* One row per hooked call: table index, where to stash the original entry,
 * and the replacement to install.  The list ends at the row whose orig is
 * NULL (sys_id -1 is never used as an index). */
struct sys_slot {
    int sys_id;
    caddr_t *orig;
    caddr_t wrapper;
} sysent_array[] = {
    {SYS_FORK, (caddr_t*)&orig_fork, (caddr_t)vpd_fork},
    {SYS_UNLINK, (caddr_t*)&orig_unlink, (caddr_t)vpd_unlink},
    {SYS_MKDIR, (caddr_t*)&orig_mkdir, (caddr_t)vpd_mkdir},
    {SYS_OPEN, (caddr_t*)&orig_open, (caddr_t)vpd_open},
    {-1,NULL,NULL}
};

/*
 * Heuristic search for sys_call_table.
 *
 * Walks backwards from the address of jiffies_64 one pointer at a time, for
 * at most 4000 steps, and returns the first address whose __NR_close slot
 * holds the address of sys_close.  Returns NULL when no step matches.
 *
 * Review notes: each step reads p[__NR_close] through an unchecked pointer,
 * so the loop can fault before it gives up, and it relies entirely on the
 * relative placement of two kernel symbols.  A false match would make the
 * stores in init_module() corrupt unrelated kernel data rather than fail
 * cleanly.
 */
symbol_addr_t find_sys_call_table(void)
{
    asmlinkage long sys_close(unsigned int fd);
    unsigned long ptr, *p, i=0;
    extern u64 jiffies_64;
    for (ptr = (unsigned long) &jiffies_64; i < 4000; i++, ptr -= sizeof(void *)){
        p = (unsigned long *) ptr;
        if((p[__NR_close] == (unsigned long)sys_close)) {
            return((symbol_addr_t)p);
        }
    }
    return(NULL);
}

/*
 * Logging wrappers.  Each prints one line and then calls the saved original
 * with the same arguments, returning whatever it returns.
 *
 * Review notes: the printk calls carry no KERN_* level prefix, and firing
 * one per open()/fork() on a live system floods the log -- which is also
 * the easiest way to notice this kind of hook in practice.  The pt_regs
 * argument to vpd_fork is passed by value, exactly as the original expects.
 */
asmlinkage int vpd_fork(struct pt_regs regs)
{
    printk("Running fork()\n");
    return (*orig_fork)(regs);
}

asmlinkage int vpd_open(const char *path, int flags, int mode)
{
    printk("Running open()\n");
    return (*orig_open)(path, flags, mode);
}

asmlinkage int vpd_unlink(const char *path)
{
    printk("Running unlink()\n");
    return (*orig_unlink)(path);
}

asmlinkage int vpd_mkdir(const char *path, int mode)
{
    printk("Running mkdir()\n");
    return (*orig_mkdir)(path, mode);
}

/*
 * Module entry point.  Locates the table, then for every row of sysent_array
 * stores the current table entry into *orig and, when the row has a wrapper,
 * writes the wrapper into the table.
 *
 * Returns 0 on success and 1 if the table was not found.  NOTE(review): the
 * kernel convention for init failure is a negative errno value, not 1.
 *
 * Review notes: the table is modified in place with no locking and no
 * exclusion of other CPUs; from the moment a slot is written, every process
 * on the system goes through the wrapper.
 */
int init_module(void)
{
    printk("hello world!\n");
    if ((vpd_sys_call_table =(syscall_handler_t **) find_sys_call_table()) == NULL) {
        printk("Kernel symbol 'sys_call_table' not found.\n");
        return(1);
    }
    struct sys_slot *ssp;
    for (ssp = &sysent_array[0]; ssp->orig; ssp++) {
        /* Save first, then replace -- cleanup_module() depends on *orig. */
        *(ssp->orig) = (caddr_t)vpd_sys_call_table[ssp->sys_id];
        if (ssp->wrapper) {
            vpd_sys_call_table[ssp->sys_id] = (syscall_handler_t *)ssp->wrapper;
        }
    }
    return 0;
}

/*
 * Module exit.  Writes each saved original back into its table slot; rows
 * whose *orig is still NULL (never captured) are skipped.
 *
 * Review notes: a task still executing inside a wrapper on another CPU when
 * the module text is freed will return into unmapped code, and the restore
 * assumes nobody else changed those slots in the meantime.  The empty
 * parameter list is an old-style declaration; (void) is the prototyped form.
 */
void cleanup_module()
{
    printk("syscall intercept\n");
    printk("Goodbye\n");
    struct sys_slot *ssp;
    for (ssp = &sysent_array[0]; ssp->orig; ssp++) {
        if (*(ssp->orig) != NULL) {
            vpd_sys_call_table[ssp->sys_id] = (syscall_handler_t *)(*( ssp->orig));
        }
    }
}
makefile:
# Build fragment exactly as the page prints it.  It appears truncated and
# mistyped ("TERGET" / "moudle" read like TARGET / module), and nothing in it
# drives the kernel build, so treat it as a placeholder rather than a
# working Makefile for the module above.
TERGET:=moudle
default %: |