On 3/26/06, Mikado <mikado4vn@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > struct descriptor_idt {
> >     unsigned short offset_low, seg_selector;
> >     unsigned char reserved, flag;
> >     unsigned short offset_high;
> > };
> >
> > .......
> >
> > struct descriptor_idt *descriptor;
> > .......
> >
> > fd_kmem = open("/dev/kmem", O_RDWR);
> > ptr_idt = get_addr_idt();
> > descriptor = (struct descriptor_idt *) malloc(sizeof(struct
> > descriptor_idt));
> > ......
> > readkmem(descriptor, ptr_idt + 8 * x, sizeof(struct descriptor_idt));
> >
> > ......
> >
> > void readkmem(void *m, unsigned off, int size)
> > {
> >     int i;
> >     if (lseek(fd_kmem, off, SEEK_SET) != off) {
> >         fprintf(stderr, "Error lseek. Are you root? \n");
> >         exit(-1);
> >     }
> >     if ((i = read(fd_kmem, m, size)) != size) {
> >         fprintf(stderr, "Error read kmem, only read %d bytes\n",i);
> >         perror("read");
> >         exit(-1);
> >     }
> > }
> >
> > unsigned long get_addr_idt(void)
> > {
> >     unsigned char idtr[6];
> >     unsigned long idt;
> >     __asm__ volatile ("sidt %0":"=m" (idtr));
> >     idt = *((unsigned long *) &idtr[2]);
> >     return (idt);
> > }
> > ----------------------------------------------------------------------
> > When run it, the output is:
> >
> > Error read kmem, only read 0 bytes
> > read: Success
> >
> >
> > I don't know why read error?
>
> finding sys_call_table, system calls' addresses and patching kernel
> on-the-fly, isn't it?

Yes, Phrack 58 <http://www.phrack.org/phrack/58/p58-0x07>

\Steve
-
: send the line "unsubscribe linux-c-programming" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html