Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

Fork Intercept

By: a guest on Jan 25th, 2013  |  syntax: C  |  size: 1.31 KB  |  hits: 60  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. #include<linux/kernel.h>
  2. #include<linux/module.h>
  3. #include<linux/unistd.h>
  4. #include<linux/semaphore.h>
  5. #include<asm/cacheflush.h>
  6. #include<asm/tlbflush.h>
  7. MODULE_LICENSE("GPL");
  8. void **sys_call_table;
  9. struct page *pg;
  10. asmlinkage int (*original_call)(struct pt_regs);
  11. asmlinkage int our_call(struct pt_regs regs)
  12. {
  13.         printk(KERN_ALERT "Intercepted sys_fork");
  14.         return original_call(regs);
  15. }
  16. static void disable_page_prot(void)
  17. {
  18.         unsigned long value;
  19.         asm volatile ("mov %%cr0,%0" : "=r" (value));
  20.         if(!(value&0x00010000))
  21.                 return;
  22.         asm volatile ("mov %0,%%cr0": :"r" (value & ~0x00010000));
  23. }
  24. static void enable_page_prot(void)
  25. {
  26.         unsigned long value;
  27.         asm volatile("mov %%cr0,%0" : "=r" (value));
  28.         if(value&0x00010000)
  29.                 return;
  30.         asm volatile("mov %0,%%cr0": :"r" (value |0x00010000));
  31. }
  32. static int __init p_entry(void)
  33. {
  34.         printk(KERN_ALERT "Module Intercept inserted");
  35.         sys_call_table=(void *)0xc12c9e90;
  36.         original_call=(void *)sys_call_table[__NR_fork];
  37.         disable_page_prot();
  38.         sys_call_table[__NR_fork]=(unsigned long *)our_call;
  39.         enable_page_prot();
  40.         return 0;
  41. }
  42. static void __exit p_exit(void)
  43. {
  44.         disable_page_prot();
  45.         sys_call_table[__NR_fork]=(unsigned long *)original_call;
  46.         enable_page_prot();
  47.         printk(KERN_ALERT "Module Intercept removed");
  48. }
  49. module_init(p_entry);
  50. module_exit(p_exit);
create a new version of this paste RAW Paste Data