4,436
社区成员
发帖
与我相关
我的任务
分享使用模块加载实现系统调用出现的一点疑惑
利用模块加载实现篡改系统调用函数,但如果在自己写的的调用函数hello里有printk语句,则模块加载后,此函数似乎一直在执行,dmesg -c后会一直出现此printk信息,不知道为什么?
下面是代码,请诸位看看
在模块加载后使用测试程序测试,78号系统调用函数确实发生了改变,但就是新的hello函数一直在执行,hello内部的printk会一直打印信息,真是想不通为什么?
下面的dmesg后的效果
而且加载后在gedit 文件时还出现了一个现象
[10746.486344] [sched_delayed] sched: RT throttling activated
root@ubuntu:~/code/4# insmod ./modify_syscall.
modify_syscall.ko modify_syscall.mod.o modify_syscall.o
root@ubuntu:~/code/4# gedit modify_syscall.c
(gedit:14048): GLib-CRITICAL **: g_time_val_to_iso8601: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
下面是代码,请诸位看看
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#define sys_No 78
unsigned long old_sys_call_func;
unsigned long p_sys_call_table = 0xc15ea020;
unsigned long orig_cr0;
static int clear_cr0(void)
{
unsigned int cr0 = 0;
unsigned int ret;
asm volatile ("movl %%cr0, %%eax":"=a"(cr0));
ret = cr0;
cr0 &=0xfffeffff;
asm volatile ("movl %%eax, %%cr0": :"a"(cr0));
return ret;
}
static void setback_cr0(int val)
{
asm volatile ("movl %%eax, %%cr0": :"a"(val));
}
//篡改为自己的78号系统调用的函数
asmlinkage int hello(int a, int b, int c)
{
printk("No 78 syscall has changed to hello\n");
return a+b+c;
}
void modify_syscall(void)
{
unsigned long *sys_call_addr;
orig_cr0 = clear_cr0();
sys_call_addr = (unsigned long *)(p_sys_call_table + sys_No*4);
printk("lelel%x", sys_call_addr);
old_sys_call_func = *(sys_call_addr);
*(sys_call_addr) = (unsigned long)&hello;
printk("I am ok\n");
setback_cr0(orig_cr0);
}
void restore_syscall(void)
{
unsigned long *sys_call_addr;
orig_cr0 = clear_cr0();
sys_call_addr = (unsigned long *)(p_sys_call_table + sys_No*4);
*(sys_call_addr) = old_sys_call_func;
setback_cr0(orig_cr0);
printk("I am leaveing \n");
}
static int mymodule_init(void)
{
modify_syscall();
return 0;
}
static void mymodule_exit(void)
{
restore_syscall();
}
module_init(mymodule_init);
module_exit(mymodule_exit);
MODULE_LICENSE("GPL");
在模块加载后使用测试程序测试,78号系统调用函数确实发生了改变,但就是新的hello函数一直在执行,hello内部的printk会一直打印信息,真是想不通为什么?
下面的dmesg后的效果
而且加载后在gedit 文件时还出现了一个现象
[10746.486344] [sched_delayed] sched: RT throttling activated
root@ubuntu:~/code/4# insmod ./modify_syscall.
modify_syscall.ko modify_syscall.mod.o modify_syscall.o
root@ubuntu:~/code/4# gedit modify_syscall.c
(gedit:14048): GLib-CRITICAL **: g_time_val_to_iso8601: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
(gedit:14048): GLib-CRITICAL **: g_time_val_add: assertion `time_->tv_usec >= 0 && time_->tv_usec < G_USEC_PER_SEC' failed
...全文
请发表友善的回复…
发表回复
羽飞 2014-12-10
- 打赏
- 举报
hello不是替换掉的系统调用吗,有人调用他所以会打印出来
arthurzhuyong 2014-12-10
- 打赏
- 举报
#define __NR_gettimeofday 78
别的进程在调用它, 后面也是调用它导致时间不对了.
xiangle1993 2014-12-10
- 打赏
- 举报
谢谢了
xiangle1993 2014-12-10
- 打赏
- 举报
谢谢啦,懂了
