#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/unistd.h>
#include <linux/sched.h>
#include <linux/syscalls.h>
#include <asm/uaccess.h>
/*
 * The kernel's system call dispatch table, defined outside this module.
 * NOTE(review): this extern only links on kernels that export the symbol
 * to modules; confirm for the target kernel.
 */
extern void *sys_call_table[];

/*
 * uid whose open() calls are logged. It is a static int with no initializer,
 * so it is 0 (root) unless the parameter is supplied. The 0644 mode passed to
 * module_param makes the parameter's sysfs entry readable by every user, so
 * the watched uid is not a secret on the running system.
 */
static int uid;
module_param(uid, int, 0644);

//extern asmlinkage long (*sys_open) (const char __user *filename, int flags, int mode);

/*
 * Handler found in the __NR_open slot when the module loaded; our_sys_open
 * forwards to it and cleanup_module writes it back.
 */
asmlinkage int (*original_call)(const char *, int, int);
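/*
 * Replacement handler for the open system call.
 *
 * When the calling task's uid equals the `uid` module parameter, the path
 * being opened is written to the kernel log; the call is then forwarded
 * unchanged to the handler saved in original_call.
 *
 * filename points into user space and its contents are untrusted, so:
 *   - every get_user() result is checked and a faulting read ends the copy;
 *   - the copy is bounded, so a long or unterminated string cannot keep this
 *     loop running in kernel context;
 *   - control bytes are replaced before logging, so a crafted path cannot
 *     inject newlines or escape sequences that forge kernel log lines;
 *   - the terminating NUL is not written to the log.
 *
 * NOTE(review): the path is emitted one byte per printk(), so output from
 * other CPUs may interleave with it.
 *
 * Returns whatever the original open handler returns.
 */
asmlinkage int our_sys_open(const char* filename, int flags, int mode)
{
	/* Upper bound on the number of path bytes copied into the log. */
	enum { MAX_LOGGED_PATH = 4096 };
	int i;
	char ch;

	if (uid == current->cred->uid) {
		/* Same log level as the message printed by init_module. */
		printk(KERN_INFO "Opened file by %d: ", uid);
		for (i = 0; i < MAX_LOGGED_PATH; i++) {
			/* A non-zero return means the user address faulted. */
			if (get_user(ch, filename + i) != 0)
				break;
			if (ch == 0)
				break;
			/* Neutralise control characters (log injection). */
			if ((unsigned char)ch < 0x20 || ch == 0x7f)
				ch = '?';
			printk(KERN_CONT "%c", ch);
		}
		printk(KERN_CONT "\n");
	}

	return original_call(filename, flags, mode);
}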
//unsigned long** find_sys_call_table(void)
//{
// unsigned long** sctable;
// unsigned long ptr;
//
// extern int loops_per_jiffy;
//
// sctable = NULL;
// for (ptr = (unsigned long)&loops_per_jiffy;
// ptr < (unsigned long)&boot_cpu_data; ptr += sizeof(void*)) {
// unsigned long *p;
// p = (unsigned long*)ptr;
// if (p[__NR_open] == (unsigned long) sys_open) {
// sctable = (unsigned long**)p;
// return sctable;
// }
// }
//
// return sctable;
//}
/*
 * Module entry point: saves the handler currently stored in the __NR_open
 * slot of sys_call_table and installs our_sys_open in its place.
 *
 * NOTE(review): the slot is overwritten with a plain store and no locking
 * is visible here; this presumably relies on a kernel where the table is
 * exported and writable - confirm for the target kernel. A rewritten table
 * entry is also what syscall-table integrity checks look for.
 *
 * Always returns 0.
 */
int init_module(void)
{
	void **open_slot = &sys_call_table[__NR_open];

	/* Save before overwriting so the hook always has a handler to call. */
	original_call = *open_slot;
	*open_slot = our_sys_open;

	printk(KERN_INFO "Spying on uid: %d\n", uid);
	// printk(KERN_INFO "sys_call_table[__NR_open] = %p\n", find_sys_call_table()[__NR_open]);
	return 0;
}
/*
 * Module exit point: writes the saved original handler back into the
 * __NR_open slot of sys_call_table.
 *
 * If the slot no longer holds our_sys_open, something else has changed it
 * since load; two alerts are logged, but the slot is still overwritten with
 * original_call, which discards whatever the other party installed.
 *
 * NOTE(review): nothing visible here waits for tasks that may still be
 * executing inside our_sys_open when the module is removed - confirm how
 * unload is expected to be made safe.
 */
void cleanup_module(void)
{
	void **open_slot = &sys_call_table[__NR_open];

	if (*open_slot != our_sys_open) {
		printk(KERN_ALERT "Somebody else also played with the open syscall\n");
		printk(KERN_ALERT "The system may be left in an unstable state\n");
	}

	/* Restored unconditionally, even after the warning above. */
	*open_slot = original_call;
}
/* Declares the module's license to the kernel as GPL. */
MODULE_LICENSE("GPL");