Hi all, I'm hijacking the page fault exception handler by means of technique described by kad in phrack 50-0x04. This technique is valid and functional for kernel 2.4 and is applied to int3 exception. Now, I'm using it in a 2.6 LKM and I've found some problem. I've read lines of code regarding this hijacking and I've noticed a difference form between 2.4 and 2.6 kernel. In particular, in file Entry.S: KPROBE_ENTRY(page_fault) pushl $do_page_fault jmp error_code .previous .text instead of: ENTRY(page_fault) pushl $ SYMBOL_NAME(do_page_fault) jmp error_code What does it means? What the difference by KPROBE_ENTRY and ENTRY? Do you have some ideas about how I've to change your program to do a page_fault hijacking in kernel 2.6? Thanks. Vincenzo Mallozzi. ___________________________________ Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB http://mail.yahoo.it -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
