On Fri, Jan 31, 2003 at 05:24:06PM +0530, Mohanasundaram C wrote:
| static int locate_sys_call_table(void) {
|     unsigned long *begin;
|     int i;
|
|     begin=(unsigned long *) &system_utsname;
|     for (i=0;i<1024;i++) {
|         if (*(begin+i)==(unsigned long) sys_socketcall) {
|             sys_call_table=(void *) (begin+i-__NR_socketcall);
|             //are you sure?
|             if (sys_call_table[__NR_exit]==(void *) sys_exit) {
|                 printk("success: located sys_call_table: %X\n",(unsigned int) sys_call_table);

The code assumes that the sys_call_table symbol is located within 1024 bytes of the variable system_utsname. It checks all the addresses from that of system_utsname to 1024 bytes hence. It checks by supposing that sys_socketcall is located at the particular address, and so sys_call_table would be located at that address minus the system call number. The code `double checks' the supposition by checking for the sys_exit system call.

I think the numbers would be required to be multiplied by sizeof(funcptr) for the above code to be effective.

--
Chirag Kantharia, symonds.net/~chyrag/

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive: http://mail.nl.linux.org/kernelnewbies/
FAQ: http://kernelnewbies.org/faq/
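As an added illustration (not code from the post or from either author), the same scan ported to a user-space C program that runs over a constructed stand-in for the kernel data, so the pointer arithmetic can be checked against a known layout. The struct, function names and syscall numbers below are hypothetical placeholders for system_utsname, sys_socketcall, sys_exit and their __NR_ values.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for the kernel constants used in the post. */
#define NR_SYSCALLS      16
#define __NR_exit        1
#define __NR_socketcall  10

static long sys_exit(void)       { return 0; }
static long sys_socketcall(void) { return 0; }
static long sys_other(void)      { return 0; }

/* Constructed slice of "kernel" data: 64 bytes standing in for
 * system_utsname, immediately followed by the syscall table. */
struct fake_kernel {
    char  utsname[64];
    void *table[NR_SYSCALLS];
};
struct fake_kernel kern;

void build_fake_kernel(void)
{
    for (int i = 0; i < NR_SYSCALLS; i++)
        kern.table[i] = (void *)sys_other;
    kern.table[__NR_exit]       = (void *)sys_exit;
    kern.table[__NR_socketcall] = (void *)sys_socketcall;
}

/* Port of the scan from the post. Because `begin` is unsigned long *,
 * begin+i advances sizeof(unsigned long) bytes per step, and
 * begin+i-__NR_socketcall steps back the same number of whole slots.
 * The scan is bounded by the fake region instead of a fixed 1024. */
void **locate_table(void)
{
    unsigned long *begin = (unsigned long *)kern.utsname;
    size_t slots = sizeof(kern) / sizeof(unsigned long);
    for (size_t i = 0; i < slots; i++) {
        if (*(begin + i) == (unsigned long)sys_socketcall) {
            void **candidate = (void **)(begin + i - __NR_socketcall);
            if (candidate[__NR_exit] == (void *)sys_exit)   /* double check */
                return candidate;
        }
    }
    return NULL;
}

/* Byte distance from the utsname stand-in to the located table. */
long table_offset_bytes(void)
{
    void **t = locate_table();
    return t ? (long)((char *)t - kern.utsname) : -1;
}

int main(void)
{
    build_fake_kernel();
    printf("table found at +%ld bytes (expected %zu)\n",
           table_offset_bytes(), offsetof(struct fake_kernel, table));
    return 0;
}
```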