Re: Hooking into kernel by overriding internal functions

On Tue, Aug 3, 2010 at 8:29 PM, Kamyar Mohajerani <kammoh@xxxxxxxxx> wrote:
> Hello everyone,
> This is my first message to the KernelNewbies mailing list, so please
> correct me if I'm not asking my question the right way.
> What I actually want to do is to somehow intercept an internal kernel
> function. The only way that seemed possible from my research was the
> "classic" function injection technique (similar to the ones mentioned in the
> old Phrack 59 and 61) by finding the function's address (e.g. through

Phrack?   The ultimate hacker's magazine.....:-).

> /proc/kallsyms), overriding the first instructions with a jmp to my own
> function (and optionally calling the original function by the same or other
> tricks). This method works just fine for sys_* system call functions without

OK... you managed to do these... so I assume you have done one important
thing: set the ".text" memory pages to read-writable (not all, but
only those that you need), as recent versions all have the read-exec-only
permission bit set on the pages.

> any problem. But when I try the same method for a function like printk , the

Sorry... I am terribly confused... you inline-hook printk()? And then you
mentioned later that you can call printk()?... You see... I am seeing
some recursive deadlock here. How is it that you can use the
"printk()" function, which in my kernel is:

cat /proc/kallsyms |grep printk
c05c56fa T printk

and then you inline-hooked printk()... which means you introduced a
redirection jump at the address 0xc05c56fa?

When you inline-hook the original printk() to "myprintk()", all calls
to printk() will execute your myprintk(), but inside your myprintk() you
called "printk()", which gets resolved (by modprobe's symbol-address
resolution process) to myprintk().

Could you please give us some snippets of the code?

> kernel crashes while my overridden function gets called. I'm sure my
> overridden function is called, as I can use the original printk in it. I have
> locked and unlocked inside my function. I have also replaced the function with
> one without any instructions in the body and still THE SAME thing
> happens!
> [ So sorry for the double post, I accidentally hit send; I guess I was
> too excited for my first post! :-) ]

Good... excitement at first post == love (for the Linux kernel) at first sight?
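As an added example (not part of this thread, and not code from either poster), here is a small Python parser for the /proc/kallsyms format shown above. It resolves a core-kernel symbol's address the way the grep does, and it flags a module symbol that carries the same name as a core-kernel symbol, which is the shadowing situation the reply describes when the hook's own call to printk() no longer reaches the original. Only the line "c05c56fa T printk" comes from the thread; the other sample lines, the module name hookmod and the function names are constructed assumptions.

```python
"""Parse /proc/kallsyms text, resolve a symbol address, and flag module
symbols that shadow a core-kernel symbol of the same name.

Sample input is constructed for this example; only the printk line is
taken from the mailing-list thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One kallsyms line: "<hexaddr> <type> <name>" with an optional
# "\t[module]" suffix for symbols that belong to a loaded module.
_LINE = re.compile(r"^([0-9a-fA-F]+)\s+([A-Za-z?])\s+(\S+)(?:\s+\[(\S+)\])?\s*$")


@dataclass(frozen=True)
class Symbol:
    addr: int
    kind: str            # nm-style type letter: T/t text, D/d data, ...
    name: str
    module: Optional[str]  # None for a core-kernel symbol


def parse_kallsyms(text: str) -> List[Symbol]:
    """Turn kallsyms text into Symbol records; reject malformed lines."""
    syms = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised kallsyms line: {line!r}")
        addr, kind, name, module = m.groups()
        syms.append(Symbol(int(addr, 16), kind, name, module))
    return syms


def lookup(syms: List[Symbol], name: str) -> Optional[int]:
    """Address of the core-kernel symbol `name` (what grepping does).

    With kptr_restrict set, unprivileged readers see every address as 0;
    treat that as "not available" rather than returning a bogus 0.
    """
    for s in syms:
        if s.name == name and s.module is None:
            return s.addr if s.addr != 0 else None
    return None


def shadowed_symbols(syms: List[Symbol]) -> List[Symbol]:
    """Module text symbols whose name also exists in the core kernel.

    A module that defines its own function with a core symbol's name is
    the pattern the reply points at: a call to that name from inside the
    module binds to the module's copy, not to the kernel's.
    """
    core_names = {s.name for s in syms if s.module is None}
    return [
        s for s in syms
        if s.module is not None and s.kind in "tT" and s.name in core_names
    ]


# Constructed sample; only the printk line is from the thread.
SAMPLE = """\
c05c56fa T printk
c05c5710 t vprintk_common
c0100000 T _stext
f8a1e000 t myprintk\t[hookmod]
f8a1e080 T printk\t[hookmod]
"""


if __name__ == "__main__":
    syms = parse_kallsyms(SAMPLE)
    print(f"printk is at {lookup(syms, 'printk'):#x}")
    for s in shadowed_symbols(syms):
        print(f"module {s.module} defines {s.name} at {s.addr:#x}, "
              f"shadowing the core symbol")
```

On a live system read the text from /proc/kallsyms instead of SAMPLE; if the addresses print as all zeros, kptr_restrict is hiding them from your uid and lookup() will return None.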
