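System call hacking in Linux

Time: 2017-08-15 07:41:55

Tags: linux-kernel arm linux-device-driver embedded-linux beagleboneblack

I am trying to write a kernel module that replaces a system call on Linux 4.9. All the solutions on the internet are specific to x86, but I am working on a Beaglebone Black, which has an ARM Cortex-A8. This is what I have done so far.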

static unsigned long *sys_call_table; // this is a global

When loaded with insmod, the module shows up as a device in /dev, which the user can open and send ioctl commands to. In the ioctl I use

sys_call_table=(void*)kallsyms_lookup_name("sys_call_table");

which gets the same address as the one given in the System.map file. But the moment I try to change the system call using

*(sys_call_table + __NR_open) = (unsigned long)custom_open;

it gives errors. They are

[  155.354417] Unable to handle kernel paging request at virtual address c01079f8
[  155.361959] pgd = de6c0000
[  155.364780] [c01079f8] *pgd=8000041e(bad)
[  155.368981] Internal error: Oops: 80d [#1] SMP ARM
[  155.373980] Modules linked in: intercept(O) [last unloaded: intercept]
[  155.380821] CPU: 0 PID: 120 Comm: test Tainted: G           O    4.9.39 #1
[  155.387991] Hardware name: Generic AM33XX (Flattened Device Tree)
[  155.394342] task: de6b2380 task.stack: de664000
[  155.399089] PC is at my_ioctl+0x64/0x94 [intercept]
[  155.404180] LR is at my_ioctl+0x58/0x94 [intercept]
[  155.409269] pc : [<bf0040dc>]    lr : [<bf0040d0>]    psr: 60000013
[  155.409269] sp : de665f08  ip : 00000001  fp : bedb0c54
[  155.421258] r10: 00000000  r9 : 00000003  r8 : 00000003
[  155.426711] r7 : c02b354c  r6 : de6293c0  r5 : de6dc2f0  r4 : bf004580
[  155.433522] r3 : c01079e4  r2 : bf004000  r1 : ffffe000  r0 : bf004294
[  155.440334] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
[  155.447773] Control: 10c5387d  Table: 9e6c0019  DAC: 00000051
[  155.453772] Process test (pid: 120, stack limit = 0xde664218)
[  155.459771] Stack: (0xde665f08 to 0xde666000)
[  155.464321] 5f00:                   bedb0dac c02b2aec 00000000 de6b2670 de665f7c c07ddc98
[  155.472862] 5f20: 60000013 c0c0512c c0cbfe80 c0192d10 c0c8311c de611000 c029ddd8 c0cbf624
[  155.481401] 5f40: 2ae98e92 00000024 2b36fb89 00000024 c07de574 df947010 de6293c8 de664000
[  155.489938] 5f60: 00000000 00000000 de6293c0 de6293c0 00000005 bedb0dac 00000003 00000000
[  155.498469] 5f80: bedb0c54 c02b354c 00000000 00000000 0001036c 00000036 c01079e4 de664000
[  155.507005] 5fa0: 00000000 c0107840 00000000 00000000 00000003 00000005 bedb0dac 00010494
[  155.515541] 5fc0: 00000000 00000000 0001036c 00000036 00000000 00000000 b6f12000 bedb0c54
[  155.524075] 5fe0: b6e74d90 bedb0c44 000104bc b6e74d9c 60000010 00000003 00000000 00000000
[  155.532633] [<bf0040dc>] (my_ioctl [intercept]) from [<c02b2aec>] (do_vfs_ioctl+0x90/0xa84)
[  155.541357] [<c02b2aec>] (do_vfs_ioctl) from [<c02b354c>] (SyS_ioctl+0x6c/0x7c)
[  155.548992] [<c02b354c>] (SyS_ioctl) from [<c0107840>] (ret_fast_syscall+0x0/0x1c)
[  155.556898] Code: eb48ce6e e5943004 e59f2028 e59f0028 (e5832014) 
[  155.563276] ---[ end trace 0529de7e48dd6bb4 ]---
[  155.571707] MyDevice closed
Segmentation fault

Please give me a solution specific to ARM.

0 answers:

No answers
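
A triage sketch for the oops quoted in the question, added here as an example and not part of the original post: it decodes the fault status word (`80d`) and the faulting instruction from the `Code:` line, then checks that the store address matches the reported fault address. The function names are hypothetical, and the ARMv7 short-descriptor (non-LPAE) FSR layout is an assumption based on the Cortex-A8 named in the question.

```python
import re

# ARMv7 short-descriptor fault status codes, FS = {FSR[10], FSR[3:0]}.
FS_NAMES = {
    0b00001: "alignment fault",
    0b00101: "section translation fault",
    0b00111: "page translation fault",
    0b01001: "section domain fault",
    0b01011: "page domain fault",
    0b01101: "section permission fault",
    0b01111: "page permission fault",
}

# Lines copied from the oops in the post (timestamps dropped).
OOPS = """\
Unable to handle kernel paging request at virtual address c01079f8
Internal error: Oops: 80d [#1] SMP ARM
PC is at my_ioctl+0x64/0x94 [intercept]
r3 : c01079e4  r2 : bf004000  r1 : ffffe000  r0 : bf004294
Code: eb48ce6e e5943004 e59f2028 e59f0028 (e5832014)
"""

def decode_fsr(fsr):
    """Split the FSR into access direction (WnR, bit 11) and fault status."""
    fs = ((fsr >> 6) & 0x10) | (fsr & 0xF)
    return {"write": bool(fsr & (1 << 11)), "fault": FS_NAMES.get(fs, "FS=%#x" % fs)}

def decode_ldr_str(insn, regs):
    """Decode an ARM immediate-offset LDR/STR and compute its address."""
    rn, rd, imm = (insn >> 16) & 0xF, (insn >> 12) & 0xF, insn & 0xFFF
    if (insn >> 25) & 0x7 != 0b010 or rn not in regs:
        return None  # not this encoding, or base register not in the dump
    off = imm if insn & (1 << 23) else -imm           # U bit: add or subtract
    ea = regs[rn] + off if insn & (1 << 24) else regs[rn]  # P bit: pre-indexed
    op = ("ldr" if insn & (1 << 20) else "str") + ("b" if insn & (1 << 22) else "")
    return {"op": op, "rd": rd, "rn": rn, "ea": ea & 0xFFFFFFFF}

def triage(text):
    """Pull the fault address, FSR, registers and faulting opcode from an oops."""
    fsr = int(re.search(r"Oops: ([0-9a-f]+)", text).group(1), 16)
    addr = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {int(n): int(v, 16)
            for n, v in re.findall(r"\br(\d+)\s*: ([0-9a-f]{8})", text)}
    insn = int(re.search(r"Code:.*\(([0-9a-f]{8})\)", text).group(1), 16)
    pc = re.search(r"PC is at (\S+)", text).group(1)
    return {"pc": pc, "addr": addr, **decode_fsr(fsr),
            "insn": decode_ldr_str(insn, regs)}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this log the result is a privileged `str r2, [r3, #20]` inside `my_ioctl` that took a section permission fault at c01079f8, meaning the store hit a mapping that is not writable from kernel mode.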