- #include<linux/kernel.h>
- #include<linux/module.h>
- #include<linux/unistd.h>
- #include<linux/semaphore.h>
- #include<asm/cacheflush.h>
- #include<asm/tlbflush.h>
/* Declare the module's licence as GPL. */
MODULE_LICENSE("GPL");

/*
 * Module-wide state.
 *   original_call  - handler found in slot __NR_fork before p_entry()
 *                    overwrites it; our_call() forwards to it and p_exit()
 *                    writes it back.
 *   sys_call_table - base of the syscall dispatch table; assigned in
 *                    p_entry() from a hard-coded address.
 *   pg             - not referenced anywhere in this listing.
 */
asmlinkage int (*original_call)(struct pt_regs);
void **sys_call_table;
struct page *pg;
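/*
 * Replacement handler that p_entry() stores in the __NR_fork slot.
 * Writes one KERN_ALERT record per call, then passes the register frame on
 * to the saved original handler and returns whatever that handler returns.
 *
 * The log record is the most visible trace of this hook for anyone
 * reviewing the kernel log.
 * NOTE(review): taking struct pt_regs by value looks like the old 32-bit x86
 * syscall entry convention - confirm against the target kernel.
 */
asmlinkage int our_call(struct pt_regs regs)
{
	/* End the record with '\n' so it is emitted as one complete line. */
	printk(KERN_ALERT "Intercepted sys_fork\n");
	return original_call(regs);
}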
/*
 * Clear CR0.WP (bit 16, mask 0x00010000) on the executing CPU if it is set.
 * With WP clear, ring-0 stores to pages mapped read-only no longer fault,
 * so the kernel's own read-only data is unprotected until
 * enable_page_prot() runs.
 *
 * Only the current CPU's CR0 is touched, and nothing in this function
 * disables preemption or interrupts, so the caller is not guaranteed to
 * still be on this CPU when it later restores the bit.
 */
static void disable_page_prot(void)
{
	const unsigned long wp_mask = 0x00010000;
	unsigned long cr0;

	asm volatile ("mov %%cr0,%0" : "=r" (cr0));

	/* Write CR0 back only when the bit actually has to change. */
	if (cr0 & wp_mask)
		asm volatile ("mov %0,%%cr0": :"r" (cr0 & ~wp_mask));
}
/*
 * Set CR0.WP (bit 16, mask 0x00010000) on the executing CPU if it is clear,
 * restoring write protection of read-only pages for ring-0 code.
 *
 * This is the counterpart of disable_page_prot(); like that function it
 * acts on the current CPU only and takes no step to stay on it.
 */
static void enable_page_prot(void)
{
	const unsigned long wp_mask = 0x00010000;
	unsigned long cr0;

	asm volatile("mov %%cr0,%0" : "=r" (cr0));

	/* Nothing to do when the bit is already set. */
	if (!(cr0 & wp_mask))
		asm volatile("mov %0,%%cr0": :"r" (cr0 | wp_mask));
}
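/*
 * Module init: save the current __NR_fork handler in original_call and
 * replace the table slot with our_call(). Always returns 0.
 *
 * The table address is a literal (0xc12c9e90), so it can only be right for
 * one specific kernel build, and nothing here checks it before use; on any
 * other build the read and the store below hit unrelated kernel memory.
 *
 * After the store the slot no longer points into core kernel text, which is
 * the condition syscall-table integrity checks compare against.
 */
static int __init p_entry(void)
{
	/* End the record with '\n' so it is emitted as one complete line. */
	printk(KERN_ALERT "Module Intercept inserted\n");

	sys_call_table = (void *)0xc12c9e90;
	original_call = (void *)sys_call_table[__NR_fork];

	/*
	 * CR0.WP is dropped around the store, presumably because the table
	 * sits on a read-only mapping - confirm for the target kernel.
	 */
	disable_page_prot();
	sys_call_table[__NR_fork] = (unsigned long *)our_call;
	enable_page_prot();

	return 0;
}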
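/*
 * Module exit: write the saved original handler back into the __NR_fork
 * slot, then log the removal.
 *
 * NOTE(review): nothing here waits for a task that is already executing
 * our_call() before the module is unloaded - confirm whether that window
 * matters for the intended use.
 */
static void __exit p_exit(void)
{
	disable_page_prot();
	sys_call_table[__NR_fork] = (unsigned long *)original_call;
	enable_page_prot();

	/* End the record with '\n' so it is emitted as one complete line. */
	printk(KERN_ALERT "Module Intercept removed\n");
}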
/* p_entry() runs when the module is loaded. */
module_init(p_entry);
/* p_exit() runs when the module is removed. */
module_exit(p_exit);