LKML Archive on lore.kernel.org
* OOPS: how to hook system_call_table in redhat es5.1 on x86_64 platform
@ 2008-03-02  1:40 Gang He
  2008-03-02 20:04 ` Arjan van de Ven
  0 siblings, 1 reply; 2+ messages in thread
From: Gang He @ 2008-03-02  1:40 UTC (permalink / raw)
  To: linux-kernel

Hi,

As you know, the Linux kernel (>2.6.18) sets some pages read-only, so we
cannot hook system_call_table directly like before. The new source code
on i386 is:

#ifdef CONFIG_DEBUG_RODATA
     // fix kernel perms
    change_page_attr(virt_to_page(syscall_table), 1, PAGE_KERNEL);
    global_flush_tlb();
#endif

    // hook syscall_table, change some system call to your function
   syscall_table[__NR_open] = my_sys_open;

#ifdef CONFIG_DEBUG_RODATA
     // fix kernel perms
    change_page_attr(virt_to_page(syscall_table), 1, PAGE_KERNEL_RO);
    global_flush_tlb();
#endif

But when I use the source code above on redhat es5.1 on x86_64, it
makes Linux crash. Who can help me to hook system_call_table in
redhat es5.1 on the x86_64 platform?

Thanks
Gang


* Re: OOPS: how to hook system_call_table in redhat es5.1 on x86_64 platform
  2008-03-02  1:40 OOPS: how to hook system_call_table in redhat es5.1 on x86_64 platform Gang He
@ 2008-03-02 20:04 ` Arjan van de Ven
  0 siblings, 0 replies; 2+ messages in thread
From: Arjan van de Ven @ 2008-03-02 20:04 UTC (permalink / raw)
  To: Gang He; +Cc: linux-kernel

On Sun, 2 Mar 2008 09:40:14 +0800
"Gang He" <hegang.linux@gmail.com> wrote:

> Hi,
> 
> As you know, the Linux kernel (>2.6.18) sets some pages read-only, so we
> cannot hook system_call_table directly like before. The new source code
> on i386 is:
> 

Hi,

2 items:
1) lkml is not a tutorial list for how to write rootkits
2) you forgot to point to your full source code; hooking the system call table
   is the wrong thing to do, but by not mentioning your (GPL) source code you
   don't give us the option to give you suggestions on how to achieve what you
   want.

I would suggest you come back to this mailing list with more context on what you
are trying to achieve including a pointer to the source code.


-- 
If you want to reach me at my work email, use arjan@linux.intel.com
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org
