summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a60e84a)
raw | patch | inline | side by side (parent: a60e84a)
| author | keytouch <qsytech@126.com> | |
| Fri, 22 Dec 2023 03:46:46 +0000 (11:46 +0800) | ||
| committer | keytouch <qsytech@126.com> | |
| Fri, 22 Dec 2023 12:17:02 +0000 (20:17 +0800) |
sys_call_table is already declared in arch/x86/include/asm/syscall.h but of
cource not exported by the kernel.
before this commit, gcc complains as follows:
/usr/src/linux-headers-6.1.0-16-common/arch/x86/include/asm/syscall.h:21:29:
note: previous declaration of 'sys_call_table' with type 'long int (*
const[])(const struct pt_regs *)'
21 | extern const sys_call_ptr_t sys_call_table[];
cource not exported by the kernel.
before this commit, gcc complains as follows:
/usr/src/linux-headers-6.1.0-16-common/arch/x86/include/asm/syscall.h:21:29:
note: previous declaration of 'sys_call_table' with type 'long int (*
const[])(const struct pt_regs *)'
21 | extern const sys_call_ptr_t sys_call_table[];
| examples/syscall_steal.c | patch | blob | blame | history |
index 129a4bfb85db8d64dd04adc1001030e67b36f448..4a2f644331eb27df3cfb1e554ea755b527310159 100644 (file)
--- a/examples/syscall_steal.c
+++ b/examples/syscall_steal.c
#endif /* Version < v5.7 */
-static unsigned long **sys_call_table;
+static unsigned long **sys_call_table_stolen;
/* UID we want to spy on - will be filled from the command line. */
static uid_t uid = -1;
static int __init syscall_steal_start(void)
{
- if (!(sys_call_table = acquire_sys_call_table()))
+ if (!(sys_call_table_stolen = acquire_sys_call_table()))
return -1;
disable_write_protection();
/* keep track of the original open function */
- original_call = (void *)sys_call_table[__NR_openat];
+ original_call = (void *)sys_call_table_stolen[__NR_openat];
/* use our openat function instead */
- sys_call_table[__NR_openat] = (unsigned long *)our_sys_openat;
+ sys_call_table_stolen[__NR_openat] = (unsigned long *)our_sys_openat;
enable_write_protection();
static void __exit syscall_steal_end(void)
{
- if (!sys_call_table)
+ if (!sys_call_table_stolen)
return;
/* Return the system call back to normal */
- if (sys_call_table[__NR_openat] != (unsigned long *)our_sys_openat) {
+ if (sys_call_table_stolen[__NR_openat] != (unsigned long *)our_sys_openat) {
pr_alert("Somebody else also played with the ");
pr_alert("open system call\n");
pr_alert("The system may be left in ");
}
disable_write_protection();
- sys_call_table[__NR_openat] = (unsigned long *)original_call;
+ sys_call_table_stolen[__NR_openat] = (unsigned long *)original_call;
enable_write_protection();
msleep(2000);