#include <linux/module.h> /* Needed by all modules */#include <linux/kernel.h>

1. #include <linux/module.h>   /* Needed by all modules */
2. #include <linux/kernel.h>   /* Needed for KERN_INFO */
3. #include <linux/kprobes.h>  /* Needed for KERN_INFO */
4. #include <linux/kallsyms.h> /* Needed for KERN_INFO */
5.  
6. int n_sys_mprotect(unsigned long start, size_t len, long prot)
7. {
8.     struct pt_regs *regs = task_pt_regs(current);
9.    
10.     start = regs->bx;
11.     len = regs->cx;
12.     prot = regs->dx;
13.  
14.     printk("start: 0x%lx len: %u prot: 0x%lx\n", start, len, prot);
15.     jprobe_return();
16.     return 0;
17. }          
18.  
19. /*
20.     The following entry in struct jprobe is 'void *entry'
21.     and simply points to the jprobe function handler that will
22.     be executing when the probe is hit on the function entry
23.     point.
24. */
25.  
26. static struct jprobe mprotect_jprobe =
27. {
28.     .entry = (kprobe_opcode_t *)n_sys_mprotect  // function entry  
29. };
30.  
31. static int __init jprobe_init(void)
32. {
33.     int ret;
34.     /* kp.addr is kprobe_opcode_t *addr; from struct kprobe and */
35.     /* points to the probe point where the trap will occur. In */
36.     /* our case we are probing sys_mprotect */
37.     mprotect_jprobe.kp.addr = (kprobe_opcode_t *)kallsyms_lookup_name("sys_mprotect");
38.    
39.     if ((ret = register_jprobe(&mprotect_jprobe)) < 0)
40.     {
41.         printk("register_jprobe failed for sys_mprotect\n");
42.         return -1;
43.     }
44.    
45.     return 0;
46. }
47.  
48.  
49. int init_module(void)
50. {
51.     jprobe_init();
52.     return 0;
53. }
54.  
55. void exit_module(void)
56. {
57.     unregister_jprobe(&mprotect_jprobe);
58. }