Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <linux/module.h> /* Needed by all modules */
- #include <linux/kernel.h> /* Needed for KERN_INFO */
- #include <linux/kprobes.h> /* Needed for KERN_INFO */
- #include <linux/kallsyms.h> /* Needed for KERN_INFO */
- int n_sys_mprotect(unsigned long start, size_t len, long prot)
- {
- struct pt_regs *regs = task_pt_regs(current);
- start = regs->bx;
- len = regs->cx;
- prot = regs->dx;
- printk("start: 0x%lx len: %u prot: 0x%lx\n", start, len, prot);
- jprobe_return();
- return 0;
- }
- /*
- The following entry in struct jprobe is 'void *entry'
- and simply points to the jprobe function handler that will
- be executing when the probe is hit on the function entry
- point.
- */
- static struct jprobe mprotect_jprobe =
- {
- .entry = (kprobe_opcode_t *)n_sys_mprotect // function entry
- };
- static int __init jprobe_init(void)
- {
- int ret;
- /* kp.addr is kprobe_opcode_t *addr; from struct kprobe and */
- /* points to the probe point where the trap will occur. In */
- /* our case we are probing sys_mprotect */
- mprotect_jprobe.kp.addr = (kprobe_opcode_t *)kallsyms_lookup_name("sys_mprotect");
- if ((ret = register_jprobe(&mprotect_jprobe)) < 0)
- {
- printk("register_jprobe failed for sys_mprotect\n");
- return -1;
- }
- return 0;
- }
- int init_module(void)
- {
- jprobe_init();
- return 0;
- }
- void exit_module(void)
- {
- unregister_jprobe(&mprotect_jprobe);
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement