Diffstat (limited to 'syscall')
-rw-r--r--syscall/Makefile7
-rw-r--r--syscall/syscall.c77
2 files changed, 84 insertions, 0 deletions
diff --git a/syscall/Makefile b/syscall/Makefile
new file mode 100644
index 0000000..332678d
--- /dev/null
+++ b/syscall/Makefile
@@ -0,0 +1,7 @@
+obj-m += syscall.o
+
+all:
+ make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules
+
+clean:
+ make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
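Review bot: Both recipes call `make` literally, so jobserver (`-j`) settings and command-line variable overrides from the outer invocation are not passed down to the kbuild run; `$(MAKE)` is the conventional form for a recursive call. `$(PWD)` is taken from the environment and can be stale or missing when the build is started through `sudo` or `make -C`, whereas `$(CURDIR)` is set by make itself. Suggested recipe line: `$(MAKE) -C /lib/modules/$(shell uname -r)/build M=$(CURDIR) modules`, and the same substitution for `clean`.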
diff --git a/syscall/syscall.c b/syscall/syscall.c
new file mode 100644
index 0000000..8decf5c
--- /dev/null
+++ b/syscall/syscall.c
@@ -0,0 +1,77 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/moduleparam.h>
+#include <linux/unistd.h>
+#include <linux/sched.h>
+#include <linux/syscalls.h>
+#include <asm/uaccess.h>
+
+extern void* sys_call_table[];
+
+static int uid;
+module_param(uid, int, 0644);
+
+//extern asmlinkage long (*sys_open) (const char __user *filename, int flags, int mode);
+
+asmlinkage int (*original_call) (const char*, int, int);
+
+asmlinkage int our_sys_open(const char* filename, int flags, int mode)
+{
+ int i = 0;
+ char ch;
+
+ if (uid == current->cred->uid) {
+ printk("Opened file by %d: ", uid);
+ do {
+ get_user(ch, filename + i++);
+ printk("%c", ch);
+ } while (ch != 0);
+ printk("\n");
+ }
+
+ return original_call(filename, flags, mode);
+}
+
+//unsigned long** find_sys_call_table(void)
+//{
+// unsigned long** sctable;
+// unsigned long ptr;
+//
+// extern int loops_per_jiffy;
+//
+// sctable = NULL;
+// for (ptr = (unsigned long)&loops_per_jiffy;
+// ptr < (unsigned long)&boot_cpu_data; ptr += sizeof(void*)) {
+// unsigned long *p;
+// p = (unsigned long*)ptr;
+// if (p[__NR_open] == (unsigned long) sys_open) {
+// sctable = (unsigned long**)p;
+// return sctable;
+// }
+// }
+//
+// return sctable;
+//}
+
+int init_module(void)
+{
+ original_call = sys_call_table[__NR_open];
+ sys_call_table[__NR_open] = our_sys_open;
+
+ printk(KERN_INFO "Spying on uid: %d\n", uid);
+// printk(KERN_INFO "sys_call_table[__NR_open] = %p\n", find_sys_call_table()[__NR_open]);
+
+ return 0;
+}
+
+void cleanup_module(void)
+{
+ if (sys_call_table[__NR_open] != our_sys_open) {
+ printk(KERN_ALERT "Somebody else also played with the open syscall\n");
+ printk(KERN_ALERT "The system may be left in an unstable state\n");
+ }
+
+ sys_call_table[__NR_open] = original_call;
+}
+
+MODULE_LICENSE("GPL");
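Review bot: The copy loop in `our_sys_open` reads the caller's filename one byte at a time with `get_user()` and never checks its return value or bounds `i`, so the calling process alone decides how long the loop runs and which bytes reach the kernel log. Each byte is emitted through its own `printk("%c")` with no log level, so a filename containing newlines or control characters can split or forge log lines, and output from concurrent opens can interleave. I would copy once into a bounded buffer with `strncpy_from_user()`, handle its error return, replace non-printable bytes, and emit a single `printk(KERN_INFO ...)`, as sketched below. Even then the logged name is fetched separately from the one `original_call` reads, so another thread can change it in between and the log should not be treated as an authoritative audit record. Separately, `cleanup_module` restores the table entry while a task may still be blocked inside `our_sys_open`, which would leave that task returning into unloaded module text.

```c
asmlinkage int our_sys_open(const char* filename, int flags, int mode)
{
	char name[256];	/* constructed bound for one log line; longer names are truncated */
	long len;
	long i;

	if (uid == current->cred->uid) {
		/* One bounded copy; returns the copied length or a negative errno. */
		len = strncpy_from_user(name, filename, sizeof(name) - 1);
		if (len < 0) {
			printk(KERN_INFO "Opened file by %d: <unreadable pointer>\n", uid);
		} else {
			name[len] = '\0';
			/* Keep user-controlled control bytes out of the kernel log. */
			for (i = 0; i < len; i++) {
				unsigned char c = (unsigned char)name[i];

				if (c < 0x20 || c == 0x7f)
					name[i] = '?';
			}
			printk(KERN_INFO "Opened file by %d: %s\n", uid, name);
		}
	}

	/* … unchanged: return original_call(filename, flags, mode); … */
```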