SHARE
TWEET

Untitled

a guest Aug 24th, 2019 98 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. /*
  2.  * Enable kernel address space which is 4G
  3. */
  4. #define ENTER_KERNEL_ADDR_SPACE(oldfs) \
  5. ({ \
  6.     oldfs = get_fs();  \
  7.     set_fs (KERNEL_DS); \
  8. });
  9.  
  10. /*
  11.  * Enable user address space which is 3G
  12.  */
  13. #define EXIT_KERNEL_ADDR_SPACE(oldfs) \
  14. ({ \
  15.     set_fs(oldfs); \
  16. });
  17.  
  18.  
  19. /*
  20.  * Retirve the address of syscall table from
  21.  * for kernel version >= 2.6 using file `/proc/kallsmys`
  22.  * for kernel version < 2.6 using file `/proc/ksyms`
  23.  */
  24. unsigned long * obtain_syscall_table_by_proc(void)
  25. {
  26.     char *file_name                       = PROC_KSYMS;
  27.     int i                                 = 0;         /* Read Index */
  28.     struct file *proc_ksyms               = NULL;      /* struct file the '/proc/kallsyms' or '/proc/ksyms' */
  29.     char *sct_addr_str                    = NULL;      /* buffer for save sct addr as str */
  30.     char proc_ksyms_entry[MAX_LEN_ENTRY]  = {0};       /* buffer for each line at file */
  31.     unsigned long* res                    = NULL;      /* return value */
  32.     char *proc_ksyms_entry_ptr            = NULL;
  33.     int read                              = 0;
  34.     mm_segment_t oldfs;
  35.  
  36.  
  37.     /* Allocate place for sct addr as str */
  38.     if((sct_addr_str = (char*)kmalloc(MAX_LEN_ENTRY * sizeof(char), GFP_KERNEL)) == NULL)
  39.         goto CLEAN_UP;
  40.    
  41.     if(((proc_ksyms = filp_open(file_name, O_RDONLY, 0)) || proc_ksyms) == NULL)
  42.         goto CLEAN_UP;
  43.  
  44.     ENTER_KERNEL_ADDR_SPACE(oldfs);
  45.     read = vfs_read(proc_ksyms, proc_ksyms_entry + i, 1, &(proc_ksyms->f_pos));
  46.     EXIT_KERNEL_ADDR_SPACE(oldfs);
  47.    
  48.     while( read == 1)
  49.     {
  50.         if(proc_ksyms_entry[i] == '\n' || i == MAX_LEN_ENTRY)
  51.         {
  52.             if(strstr(proc_ksyms_entry, "sys_call_table") != NULL)
  53.             {
  54.                 printk(KERN_INFO "Found Syscall table\n");
  55.                 printk(KERN_INFO "Line is:%s\n", proc_ksyms_entry);
  56.  
  57.                 proc_ksyms_entry_ptr = proc_ksyms_entry;
  58.                 strncpy(sct_addr_str, strsep(&proc_ksyms_entry_ptr, " "), MAX_LEN_ENTRY);
  59.                 if((res = kmalloc(sizeof(unsigned long), GFP_KERNEL)) == NULL)
  60.                     goto CLEAN_UP;
  61.                 kstrtoul(sct_addr_str, 16, res);
  62.                 goto CLEAN_UP;
  63.             }
  64.  
  65.             i = -1;
  66.             memset(proc_ksyms_entry, 0, MAX_LEN_ENTRY);
  67.         }
  68.    
  69.         i++;
  70.    
  71. #if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
  72.     read = kernel_read(proc_ksyms, proc_ksyms_entry + i, 1, &(proc_ksyms->f_pos));
  73. #else
  74.     ENTER_KERNEL_ADDR_SPACE();
  75.     read = vfs_read(proc_ksyms, proc_ksyms_entry + i, 1, &(proc_ksyms->f_pos));
  76.     EXIT_KERNEL_ADDR_SPACE();
  77. #endif
  78.  
  79.     }
  80.  
  81.  
  82. CLEAN_UP:
  83.     if(sct_addr_str != NULL)
  84.         kfree(sct_addr_str);
  85.     if(proc_ksyms != NULL)
  86.         filp_close(proc_ksyms, 0);
  87.  
  88.     return (unsigned long*)res;
  89. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top