int kernfunc_init(void) {
int ret;
ret = find_symbol_address(&sym_module_alloc, "module_alloc");
if (IN_ERR(ret))
return ret;
ret = find_symbol_address(&sym_module_free, "module_free");
if (IN_ERR(ret))
return ret;
ret = find_symbol_address(&sym_insn_init, "insn_init");
if (IN_ERR(ret))
return ret;
ret = find_symbol_address(&sym_insn_get_length, "insn_get_length");
if (IN_ERR(ret))
return ret;
ret = find_symbol_address(&sym_insn_rip_relative, "insn_rip_relative");
if (IN_ERR(ret))
return ret;
return 0;
}
void CRunDlg::OnOK()
{
char * eptr = NULL;
mem_addr addr = 0;
// Make sure they've specified a valid address.
UpdateData();
if (!m_strAddress.IsEmpty())
{
if (isdigit(m_strAddress[0]))
addr = (mem_addr)strtoul(m_strAddress, &eptr, 0);
else
{
char *szAddress = m_strAddress.GetBuffer(0);
addr = find_symbol_address(szAddress);
m_strAddress.ReleaseBuffer();
}
if (addr == 0)
{
CString strMsg;
strMsg.Format("Please enter an address or symbol at which to begin execution.\n"
"Or, leave blank to begin at the default address of 0x%08x", starting_address());
MessageBox(strMsg);
return;
}
char *undefSyms;
if (m_checkUndefinedSymbols && (undefSyms = undefined_symbol_string ()) != NULL)
{
CString strMsg;
strMsg.Format("The following symbols are undefined:\n%s\n", undefSyms);
int outcome = MessageBox(strMsg, NULL, MB_OKCANCEL);
if (outcome == 2) // "Cancel"
{
OnCancel();
return;
}
}
}
CDialog::OnOK();
}
static void
add_breakpoint_action (Widget w, XtPointer client_data, XtPointer call_data)
{
Widget dialog = (Widget) client_data;
String value = XawDialogGetValueString (dialog);
mem_addr addr;
free (breakpoint_addr);
breakpoint_addr = str_copy (value);
while (*breakpoint_addr == ' ') breakpoint_addr++;
if (isdigit (*breakpoint_addr))
addr = strtoul (value, NULL, 0);
else
addr = find_symbol_address (breakpoint_addr);
add_breakpoint (addr);
destroy_popup_prompt (NULL, (XtPointer) dialog, (XtPointer) NULL);
}
int symbol_hijack(struct kernsym *sym, const char *symbol_name, unsigned long *code) {
int ret;
unsigned long orig_addr;
unsigned long dest_addr;
unsigned long end_addr;
u32 *poffset;
struct insn insn;
bool pte_ro;
ret = find_symbol_address(sym, symbol_name);
if (IN_ERR(ret))
return ret;
if (*(u8 *)sym->addr == OP_JMP_REL32) {
printk(PKPRE "error: %s already appears to be hijacked\n", symbol_name);
return -EFAULT;
}
sym->new_addr = malloc(sym->size);
if (sym->new_addr == NULL) {
printk(PKPRE
"Failed to allocate buffer of size %lu for %s\n",
sym->size, sym->name);
return -ENOMEM;
}
memset(sym->new_addr, 0, (size_t)sym->size);
if (sym->size < OP_JMP_SIZE) {
ret = -EFAULT;
goto out_error;
}
orig_addr = (unsigned long)sym->addr;
dest_addr = (unsigned long)sym->new_addr;
end_addr = orig_addr + sym->size;
while (end_addr > orig_addr && *(u8 *)(end_addr - 1) == '\0')
--end_addr;
if (orig_addr == end_addr) {
printk(PKPRE
"A spurious symbol \"%s\" (address: %p) seems to contain only zeros\n",
sym->name,
sym->addr);
ret = -EILSEQ;
goto out_error;
}
while (orig_addr < end_addr) {
tpe_insn_init(&insn, (void *)orig_addr);
tpe_insn_get_length(&insn);
if (insn.length == 0) {
printk(PKPRE
"Failed to decode instruction at %p (%s+0x%lx)\n",
(const void *)orig_addr,
sym->name,
orig_addr - (unsigned long)sym->addr);
ret = -EILSEQ;
goto out_error;
}
copy_and_fixup_insn(&insn, (void *)dest_addr, sym);
orig_addr += insn.length;
dest_addr += insn.length;
}
sym->new_size = dest_addr - (unsigned long)sym->new_addr;
sym->run = sym->new_addr;
set_addr_rw((unsigned long) sym->addr, &pte_ro);
memcpy(&sym->orig_start_bytes[0], sym->addr, OP_JMP_SIZE);
*(u8 *)sym->addr = OP_JMP_REL32;
poffset = (u32 *)((unsigned long)sym->addr + 1);
*poffset = CODE_OFFSET_FROM_ADDR((unsigned long)sym->addr,
OP_JMP_SIZE, (unsigned long)code);
set_addr_ro((unsigned long) sym->addr, pte_ro);
sym->hijacked = true;
return 0;
out_error:
malloc_free(sym->new_addr);
return ret;
}
