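Kernel panics while trying to find sys_call_table

Time: 2013-03-13 09:56:00

Tags: c linux linux-kernel kernel system-calls

I'm trying to write a function that brute-force searches for the address of sys_call_table, from a start address to an end address.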

#define START_ADDRESS 0x815056d0
#define END_ADDRESS 0x81a8e7f0

unsigned long *sys_call_table = NULL;

unsigned long *find_sys_call_table(void)  
{
   unsigned long ptr;

/*
   for (ptr = (unsigned long)&register_kprobe;
        ptr < (unsigned long)&loops_per_jiffy; 
        ptr += sizeof(void *))
*/

   for (ptr = (unsigned long)START_ADDRESS;
        ptr < (unsigned long)END_ADDRESS; 
        ptr += sizeof(void *))
   {
      unsigned long *p = (unsigned long *)ptr;

      if(p[__NR_close] == (unsigned long)sys_close)
      {
         return p;
      }
   }

   return NULL;
}

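The commented-out for loop works at least on RHEL 6.3, 6.4 and Fedora 18, but does not work under Debian with a vanilla 3.7.X kernel. Anyway, if I look up the addresses of the symbols used in System.map and try to access those addresses instead, it blows up the kernel in a panic. Shouldn't both solutions do the same thing, or am I blind? :)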

0 answers:

No answers