kernfunc.c
#include "module.h"
// Lookup records for kernel functions this module calls by resolved address
// instead of by linking against them. kernfunc_init() fills each record in by
// name through find_symbol_address(); the wrappers further down read the
// record's .run member and call through it.
// NOTE(review): objects with static storage start out zeroed, so .run is
// presumably a null pointer until kernfunc_init() has succeeded -- confirm
// against the struct kernsym definition in module.h.
static struct kernsym sym_module_alloc;
static struct kernsym sym_module_free;
static struct kernsym sym_insn_init;
static struct kernsym sym_insn_get_length;
static struct kernsym sym_insn_rip_relative;
// Resolve, by name, every kernel symbol the wrappers in this file call
// through but which the kernel does not export to modules.
//
// Lookups run in a fixed order and stop at the first failure, so the records
// after the failing one are not looked up at all.
//
// Returns 0 once all five symbols are resolved; otherwise returns the value
// from find_symbol_address() that IN_ERR() flagged.
//
// NOTE(review): the insn wrappers in this file call through these records
// without checking them, so a caller should treat any error return here as a
// reason not to use the rest of this file.
int kernfunc_init(void) {
	static const struct {
		struct kernsym *sym;
		const char *name;
	} wanted[] = {
		{ &sym_module_alloc,      "module_alloc" },
		{ &sym_module_free,       "module_free" },
		{ &sym_insn_init,         "insn_init" },
		{ &sym_insn_get_length,   "insn_get_length" },
		{ &sym_insn_rip_relative, "insn_rip_relative" },
	};
	unsigned int idx;
	int ret;

	for (idx = 0; idx < sizeof(wanted) / sizeof(wanted[0]); idx++) {
		// keep the assignment outside IN_ERR(); it is a macro or helper
		// defined elsewhere and may evaluate its argument more than once
		ret = find_symbol_address(wanted[idx].sym, wanted[idx].name);
		if (IN_ERR(ret))
			return ret;
	}

	return 0;
}
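// Allocate `size` bytes by calling the kernel's module_alloc() through the
// address stored in sym_module_alloc.
//
// Returns whatever module_alloc() returned, or NULL when no address has been
// stored yet. Callers must check the result for NULL in both cases.
//
// NOTE(review): memory from module_alloc() may be mapped both writable and
// executable on the target kernel -- confirm, and keep what is copied into
// such a buffer to validated, bounded content.
void *malloc(unsigned long size) {
	void *(*alloc_fn)(unsigned long) = sym_module_alloc.run;

	// sym_module_alloc has static storage and starts out zeroed; fail the
	// allocation instead of calling through a null pointer in kernel context
	// when kernfunc_init() has not resolved the symbol.
	if (alloc_fn == NULL)
		return NULL;

	return alloc_fn(size);
}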
// Release a buffer by calling the kernel's module_free() through the address
// stored in sym_module_free. A NULL buffer is ignored.
//
// The module argument passed to module_free() is always NULL.
//
// NOTE(review): the two-argument prototype is hard-coded here rather than
// taken from a kernel header, so it must match the running kernel's
// module_free(); a mismatch would not be caught at build time -- verify
// against the target kernel.
void malloc_free(void *buf) {
	void (*free_fn)(struct module *, void *) = sym_module_free.run;

	if (buf == NULL)
		return;

	free_fn(NULL, buf);
}
// Initialise an instruction-decoder state by calling the kernel's insn_init()
// through the address stored in sym_insn_init.
//
// insn  - decoder state handed to insn_init()
// kaddr - address of the instruction bytes to decode
//
// The third argument tells insn_init() which mode to decode in: 1 when built
// with CONFIG_X86_64, 0 otherwise.
//
// NOTE(review): the three-argument prototype is hard-coded here; if the
// running kernel's insn_init() takes a different argument list the call is
// made with the wrong arguments and nothing flags it at build time -- verify
// against the target kernel. The pointer is also called without a null check,
// so kernfunc_init() must have succeeded first.
void tpe_insn_init(struct insn *insn, const void *kaddr) {
#ifdef CONFIG_X86_64
	const int x86_64_mode = 1;
#else // CONFIG_X86_32
	const int x86_64_mode = 0;
#endif
	void (*init_fn)(struct insn *, const void *, int) = sym_insn_init.run;

	init_fn(insn, kaddr, x86_64_mode);
}
// Run the kernel's insn_get_length() on `insn` through the address stored in
// sym_insn_get_length. Nothing is returned; any result is left in `insn` by
// the kernel function.
//
// NOTE(review): the pointer is called without a null check, so
// kernfunc_init() must have succeeded before this is used.
void tpe_insn_get_length(struct insn *insn) {
	typedef void (*insn_get_length_fn)(struct insn *);
	insn_get_length_fn get_length = sym_insn_get_length.run;

	get_length(insn);
}
// Run the kernel's insn_rip_relative() on `insn` through the address stored in
// sym_insn_rip_relative and pass its int result back unchanged.
//
// NOTE(review): the pointer is called without a null check, so
// kernfunc_init() must have succeeded before this is used.
int tpe_insn_rip_relative(struct insn *insn) {
	typedef int (*insn_rip_relative_fn)(struct insn *);
	insn_rip_relative_fn rip_relative = sym_insn_rip_relative.run;
	int result = rip_relative(insn);

	return result;
}