Listing 1. Printing the addresses of some commonly attacked system calls
#define __KERNEL__
#define MODULE
#define MODVERSIONS
#include <linux/module.h>
#include <linux/modversions.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/init.h>
#include <linux/errno.h>
#include <asm/unistd.h>
/* Declare the module's license to the kernel. */
MODULE_LICENSE("GPL");
/*
 * Destination operand for the `sidt` instruction executed in init_module():
 * a 16-bit limit followed immediately by the IDT base address. The struct is
 * packed so that no padding is inserted between the two fields.
 * NOTE(review): the layout assumes `ulong` is 32 bits wide (i386) - confirm
 * before building for any other target.
 */
struct {
ushort limit;
ulong base;
} __attribute__ ((packed)) idtr;
/*
 * One 8-byte IDT entry. init_module() copies entry 0x80 into this object and
 * rebuilds the handler address from off1 (low 16 bits) and off2 (high 16
 * bits). sel, none and flags are copied along with the rest of the entry but
 * are not read anywhere in this listing.
 */
struct {
ushort off1;
ushort sel;
unsigned char none, flags;
ushort off2;
} __attribute__ ((packed)) idt;
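/*
 * sys_mapper - log the address stored in selected system call table slots.
 *
 * @sys_call_table: address of the system call table, indexed by __NR_* number.
 *
 * Prints one "<name> <hex address>" line per watched call through printk().
 * The function only reports; judging whether an address is legitimate is left
 * to the reader, typically by comparing each value with a trusted reference
 * such as the System.map that matches the running kernel.
 *
 * The values are raw kernel text addresses and end up in the kernel log, so
 * anyone able to read that log can see them.
 */
void sys_mapper(char **sys_call_table) {
	/* Slots to report, in the order they are printed. */
	static const struct {
		const char *name;
		int nr;
	} watched[] = {
		{ "sys_exit",       __NR_exit },
		{ "sys_fork",       __NR_fork },
		{ "sys_read",       __NR_read },
		{ "sys_write",      __NR_write },
		{ "sys_open",       __NR_open },
		{ "sys_close",      __NR_close },
		{ "sys_creat",      __NR_creat },
		{ "sys_link",       __NR_link },
		{ "sys_unlink",     __NR_unlink },
		{ "sys_execve",     __NR_execve },
		{ "sys_chdir",      __NR_chdir },
		{ "sys_setuid",     __NR_setuid },
		{ "sys_mkdir",      __NR_mkdir },
		{ "sys_rmdir",      __NR_rmdir },
		{ "sys_stat",       __NR_stat },
		{ "sys_stat64",     __NR_stat64 },
		{ "sys_getdents",   __NR_getdents },
		{ "sys_getdents64", __NR_getdents64 },
	};
	unsigned int i;

	/* Refuse to index through a null table instead of oopsing. */
	if (!sys_call_table) {
		printk("sys_mapper: no system call table address supplied\n");
		return;
	}

	for (i = 0; i < sizeof(watched) / sizeof(watched[0]); i++) {
		/*
		 * The slots hold pointers; passing one to "%x" mismatches the
		 * format and would truncate on a 64-bit build. Converting to
		 * unsigned long and using "%lx" prints the same digits on i386.
		 */
		printk("%s %lx\n", watched[i].name,
		       (unsigned long)sys_call_table[watched[i].nr]);
	}
}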
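/*
 * init_module - locate the system call table through the IDT and report it.
 *
 * Steps:
 *   1. `sidt` stores the IDT limit and base into the global `idtr`.
 *   2. IDT entry 0x80 (the system call gate) is copied into the global `idt`
 *      and the handler address is rebuilt from its two 16-bit offset halves.
 *   3. The first bytes of the handler are searched for ff 14 85, the i386
 *      encoding of `call *disp32(,%eax,4)`; the 32-bit operand after it is
 *      the table the handler really dispatches through.
 *   4. That address is handed to sys_mapper() for printing.
 *
 * Reading the operand out of the handler reports the table that is in use,
 * which need not be the one a symbol file names. Everything here still runs
 * inside the kernel under inspection: a kernel that is already compromised
 * can falsify the IDT, the handler bytes or the log output, so treat the
 * result as one data point and verify it against a trusted reference.
 *
 * The byte pattern and the 32-bit operand are specific to i386.
 *
 * Returns 0 on success, or -ENOENT when the call instruction is not found in
 * the scanned window (the module load then fails instead of dereferencing an
 * uninitialised pointer).
 */
int init_module(void) {
	unsigned long int80;
	unsigned long table = 0;
	const unsigned char *p;
	int i;

	asm("sidt %0" : "=m" (idtr));

	/* Each descriptor is sizeof(idt) bytes; fetch the one for vector 0x80. */
	memcpy(&idt, (const void *)(idtr.base + 0x80 * sizeof(idt)), sizeof(idt));

	/*
	 * Widen before shifting: off2 would otherwise be promoted to int, and a
	 * kernel address with the top bit set would shift into the sign bit.
	 */
	int80 = (unsigned long)idt.off1 | ((unsigned long)idt.off2 << 16);

	/* Unsigned bytes keep the opcode comparison independent of char signedness. */
	p = (const unsigned char *)int80;
	for (i = 0; i < 50; i++, p++) {
		if (p[0] == 0xff && p[1] == 0x14 && p[2] == 0x85) {
			/* The operand is not aligned; copy it out instead of casting. */
			memcpy(&table, p + 3, sizeof(table));
			break;
		}
	}

	if (!table) {
		printk("system call table not found near the int 0x80 handler\n");
		return -ENOENT;
	}

	sys_mapper((char **)table);
	return 0;
}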
/*
 * cleanup_module - module unload hook.
 *
 * Nothing is registered, hooked or allocated at load time, so there is
 * nothing to undo here.
 */
void cleanup_module(void)
{
	/* intentionally empty */
}