[ create a new paste ] login | about

Link: http://codepad.org/W3ThQbb8    [ raw code | fork ]

C, pasted on Sep 17: 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/unistd.h>
#include <asm/cacheflush.h>

MODULE_LICENSE ("GPL");

//Address from in System.map
void **sys_call_table = (void*)0xffffffff81551380;

asmlinkage int (*orig_fopen) (const char*, int, int);

asmlinkage int new_fopen(const char* file, int flags, int mode)
{
   printk("A file was opened!\n");
   return orig_fopen(file, flags, mode);
}

int init_module()
{
    //Save orginal function entry we are replacing
    orig_fopen = sys_call_table[__NR_open];
    //Make page writeable
    set_memory_rw((long unsigned int)sys_call_table, 1);
    //Replace Entry
    sys_call_table[__NR_open] = new_fopen;
    //Restore RO permission to syscall table    
    set_memory_ro((long unsigned int)sys_call_table, 1);    
    return 0;
}

void cleanup_module()
{
   //Restore the original call
   set_memory_rw((long unsigned int)sys_call_table, 1);
   sys_call_table[__NR_open] = orig_fopen;
   set_memory_ro((long unsigned int)sys_call_table, 1);
}


Create a new paste based on this one


Comments: