StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>I finally found the answer myself.</p> <p><a href="http://www.linuxforums.org/forum/linux-kernel/133982-cannot-modify-sys_call_table.html" rel="noreferrer">http://www.linuxforums.org/forum/linux-kernel/133982-cannot-modify-sys_call_table.html</a></p> <p>The kernel was changed at some point so that the system call table is read only.</p> <p><strong><em>cypherpunk:</em></strong></p> <blockquote> <p>Even if it is late but the Solution may interest others too: In the entry.S file you will find: Code:</p> <pre><code>.section .rodata,"a" #include "syscall_table_32.S" </code></pre> <p>sys_call_table -> ReadOnly You have to compile the Kernel new if you want to "hack" around with sys_call_table...</p> </blockquote> <p>The link also has an example of changing the memory to be writable.</p> <p><strong><em>nasekomoe:</em></strong></p> <blockquote> <p>Hi everybody. Thanks for replies. I solved the problem long ago by modifying access to memory pages. I have implemented two functions that do it for my upper level code:</p> <pre><code>#include <asm/cacheflush.h> #ifdef KERN_2_6_24 #include <asm/semaphore.h> int set_page_rw(long unsigned int _addr) { struct page *pg; pgprot_t prot; pg = virt_to_page(_addr); prot.pgprot = VM_READ | VM_WRITE; return change_page_attr(pg, 1, prot); } int set_page_ro(long unsigned int _addr) { struct page *pg; pgprot_t prot; pg = virt_to_page(_addr); prot.pgprot = VM_READ; return change_page_attr(pg, 1, prot); } #else #include <linux/semaphore.h> int set_page_rw(long unsigned int _addr) { return set_memory_rw(_addr, 1); } int set_page_ro(long unsigned int _addr) { return set_memory_ro(_addr, 1); } #endif // KERN_2_6_24 </code></pre> </blockquote> <p>Here's a modified version of the original code that works for me.</p> <pre><code>#include <linux/kernel.h> #include <linux/module.h> #include <linux/moduleparam.h> #include <linux/unistd.h> #include <asm/semaphore.h> #include <asm/cacheflush.h> void **sys_call_table; asmlinkage int (*original_call) (const char*, int, int); asmlinkage int our_sys_open(const char* file, int flags, int mode) { printk("A file was opened\n"); return original_call(file, flags, mode); } int set_page_rw(long unsigned int _addr) { struct page *pg; pgprot_t prot; pg = virt_to_page(_addr); prot.pgprot = VM_READ | VM_WRITE; return change_page_attr(pg, 1, prot); } int init_module() { // sys_call_table address in System.map sys_call_table = (void*)0xc061e4e0; original_call = sys_call_table[__NR_open]; set_page_rw(sys_call_table); sys_call_table[__NR_open] = our_sys_open; } void cleanup_module() { // Restore the original call sys_call_table[__NR_open] = original_call; } </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload