Re: Technical Reason for Virus affecting both Linux and Windows

On 4/25/06, Gaurav Dhiman <gauravd.chd@xxxxxxxxx> wrote:
> On 4/25/06, Greg KH <greg@xxxxxxxxx> wrote:
> > On Tue, Apr 25, 2006 at 02:32:00AM +0530, Gaurav Dhiman wrote:
> > > Here is more on it ..... the actual technical reason, why it did not
> > > work as expected on Linux Kernel.
> > >
> > > Have a look:
> > > http://software.newsforge.com/article.pl?sid=06/04/18/1941251
> >
> > Note that this is now fixed so the virus will "work" on the latest
> > 2.6.16-stable kernel release :)
>
> Hi Greg,
>
> Can you explain in a bit of detail what was happening earlier?
> I got some idea that the register value was changed by the assembly code
> generated for sys_ftruncate() by GCC, but how was it not allowing the
> virus to act? Also do explain, if you know, what the virus was intended to
> do.
>
> Also please shed some light: can a system call be invoked by some other
> mechanism also, other than int 0x80? (as mentioned in this or some
> other articles). I am under the impression that a system call can be done
> through only one entry of the IDT and that is the 0x80th entry, am I wrong?
>

There are also the 'sysenter'/'syscall' instructions.
An explanation can be found here (just one of many Google can find
you): http://www.win.tue.nl/~aeb/linux/lk/lk-4.html#ss4.6

--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
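
An added illustration of the reply above, not code from the thread or from the kernel: on x86-64 Linux a system call can be entered with the `syscall` instruction alone, without going through IDT vector 0x80. The helper names raw_syscall0() and raw_getpid() are hypothetical, and GCC/Clang inline assembly is assumed; other architectures fall back to libc's syscall() wrapper.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Hypothetical helper: issue a zero-argument system call.
 * On x86-64 this uses the `syscall` instruction directly, so the
 * kernel is entered through the fast-syscall path (MSR_LSTAR),
 * not through the int 0x80 gate in the IDT. */
static long raw_syscall0(long nr)
{
#if defined(__x86_64__)
    long ret;
    /* rax carries the syscall number in and the return value out.
     * The instruction itself overwrites rcx (saved RIP) and
     * r11 (saved RFLAGS), so both must be listed as clobbered. */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "a"(nr)
                      : "rcx", "r11", "memory");
    return ret;
#else
    /* Not x86-64: let libc pick the architecture's entry mechanism. */
    return syscall(nr);
#endif
}

/* getpid() issued through the raw entry path above. */
long raw_getpid(void)
{
    return raw_syscall0(SYS_getpid);
}

int main(void)
{
    /* Both lines print the same PID: the libc wrapper and the raw
     * instruction reach the same kernel handler. */
    printf("libc getpid(): %ld\n", (long)getpid());
    printf("raw  getpid(): %ld\n", raw_getpid());
    return 0;
}
```

For detection and sandboxing work this matters because a filter that only watches int 0x80 misses these entry paths; syscall-level controls such as seccomp apply regardless of which instruction was used.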


