author | 0xwille | 2011-07-12 20:51:00 +0200 |
---|---|---|
committer | 0xwille | 2011-07-12 20:51:00 +0200 |
commit | 389cc1ba8d9e673f1313fd966820c6d9d463525f (patch) | |
tree | 77bac88a1faa54c28e8d38bcee7485c742680105 /syscall/syscall.c | |
parent | c8f116e17b471704abbb3b1508733aa1bddda7da (diff) | |
download | lkm-389cc1ba8d9e673f1313fd966820c6d9d463525f.tar.gz |
Añadido pid
Diffstat (limited to 'syscall/syscall.c')
-rw-r--r-- | syscall/syscall.c | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/syscall/syscall.c b/syscall/syscall.c
new file mode 100644
index 0000000..8decf5c
--- /dev/null
+++ b/syscall/syscall.c
@@ -0,0 +1,77 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/unistd.h>
+#include <linux/sched.h>
+#include <linux/syscalls.h>
+#include <asm/uaccess.h>
+
+extern void* sys_call_table[];
+
+static int uid;
+module_param(uid, int, 0644);
+
+//extern asmlinkage long (*sys_open) (const char __user *filename, int flags, int mode);
+
+asmlinkage int (*original_call) (const char*, int, int);
+
+asmlinkage int our_sys_open(const char* filename, int flags, int mode)
+{
+ int i = 0;
+ char ch;
+
+ if (uid == current->cred->uid) {
+ printk("Opened file by %d: ", uid);
+ do {
+ get_user(ch, filename + i++);
+ printk("%c", ch);
+ } while (ch != 0);
+ printk("\n");
+ }
+
+ return original_call(filename, flags, mode);
+}
+
+//unsigned long** find_sys_call_table(void)
+//{
+// unsigned long** sctable;
+// unsigned long ptr;
+//
+// extern int loops_per_jiffy;
+//
+// sctable = NULL;
+// for (ptr = (unsigned long)&loops_per_jiffy;
+// ptr < (unsigned long)&boot_cpu_data; ptr += sizeof(void*)) {
+// unsigned long *p;
+// p = (unsigned long*)ptr;
+// if (p[__NR_open] == (unsigned long) sys_open) {
+// sctable = (unsigned long**)p;
+// return sctable;
+// }
+// }
+//
+// return sctable;
+//}
+
+int init_module(void)
+{
+ original_call = sys_call_table[__NR_open];
+ sys_call_table[__NR_open] = our_sys_open;
+
+ printk(KERN_INFO "Spying on uid: %d\n", uid);
+// printk(KERN_INFO "sys_call_table[__NR_open] = %p\n", find_sys_call_table()[__NR_open]);
+
+ return 0;
+}
+
+void cleanup_module(void)
+{
+ if (sys_call_table[__NR_open] != our_sys_open) {
+ printk(KERN_ALERT "Somebody else also played with the open syscall\n");
+ printk(KERN_ALERT "The system may be left in an unstable state\n");
+ }
+
+ sys_call_table[__NR_open] = original_call;
+}
+
+MODULE_LICENSE("GPL"); |
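Review bot: The copy loop in our_sys_open reads the caller-supplied `filename` one byte at a time with `get_user()` but never checks its return value or bounds `i`, so termination depends on get_user's zero-on-fault behaviour and an unterminated mapping is printed byte by byte with no cap. Break on failure and limit the length, e.g. `if (get_user(ch, filename + i++)) break;` with `} while (ch != 0 && i < PATH_MAX);`, or copy the name once with `strncpy_from_user()` into a PATH_MAX buffer and emit it in a single `printk(KERN_INFO ...)`; the parameter should also carry the `__user` annotation. The name is fetched from user memory a second time by `original_call`, so the logged string is not guaranteed to be the one actually opened. In cleanup_module the table entry is overwritten with `original_call` even after the mismatch warning, and nothing waits for tasks still executing our_sys_open before the module text goes away. For logging opens by a given uid, the audit subsystem does this without modifying sys_call_table, a modification that kernel integrity checks treat as a rootkit indicator.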