static void __exit my_exit (void)
{
unregister_jprobe (&jp);
printk (KERN_INFO "jprobe unregistered\n");
printk (KERN_INFO "FINAL:mod_timer_count=%ld\n", mod_timer_count);
}
int kmemchecker_probes_init(void)
{
int ret;
my_kmalloc_kretprobe.kp.symbol_name = func_name;
ret = register_kretprobe(&my_kmalloc_kretprobe);
if (ret < 0) {
printk(KERN_INFO "kretprobe failed, returned %d\n",
ret);
return -1;
}
printk(KERN_INFO "Planted return probe at %s: %p\n",
my_kmalloc_kretprobe.kp.symbol_name,
my_kmalloc_kretprobe.kp.addr);
ret = register_jprobe(&my_kfree_jprobe);
if (ret < 0) {
unregister_kretprobe(&my_kmalloc_kretprobe);
return -1;
}
printk(KERN_INFO "hook kfree\n");
my_kmem_cache_alloc_kretprobe.kp.symbol_name = "__slab_alloc";
ret = register_kretprobe(&my_kmem_cache_alloc_kretprobe);
if (ret < 0) {
unregister_kretprobe(&my_kmalloc_kretprobe);
unregister_jprobe(&my_kfree_jprobe);
return -1;
}
printk(KERN_INFO "hook __slab_alloc\n");
return 0;
}
static __exit void tcpprobe_exit(void)
{
kfifo_free(tcpw.fifo);
proc_net_remove(procname);
unregister_jprobe(&tcp_send_probe);
}
static void __exit my_exit(void)
{
unregister_jprobe(&jp);
unregister_kprobe(&kp);
printk(KERN_INFO "k,jprobes unregistered\n");
}
static void __exit my_exit(void)
{
unregister_jprobe(&jp);
unregister_kprobe(&kp);
pr_info("k,jprobes unregistered\n");
}
static void mexit(void)
{
/* free the hash table contents */
long tmp_save, tmp_sum;
nf_unregister_hook(&nf_in_ops);
nf_unregister_hook(&nf_out_ops);
if (kprobe_in_reged)
unregister_jprobe(&jps_netif_receive_skb);
flush_workqueue(skb_wq);
clear_remainder_skb();
destroy_workqueue(skb_wq);
release_hash_table_cache();
free_percpu_file();
free_slab();
free_bitmap();
tcp_free_sha1sig_pool();
tmp_save = atomic64_read(&save_num);
tmp_sum = atomic64_read(&sum_num);
if (tmp_sum > 0)
printk(KERN_INFO "Cache ratio is:%ld%%", (tmp_save*100)/tmp_sum);
printk(KERN_INFO "savenum is:%ld; sumnum is:%ld,%ld(Mb);\nExit %s.", tmp_save, tmp_sum, (tmp_sum /1024 /1024 *8), THIS_MODULE->name);
}
void kmemchecker_probes_exit(void)
{
unregister_kretprobe(&my_kmalloc_kretprobe);
printk(KERN_INFO "kretprobe at %p unregistered\n",
my_kmalloc_kretprobe.kp.addr);
unregister_jprobe(&my_kfree_jprobe);
unregister_kretprobe(&my_kmem_cache_alloc_kretprobe);
}
static void cleanup(void)
{
int i;
for (i = 0; i < sizeof(my_jprobes)/sizeof(struct jprobe); ++i) {
if (my_jprobes[i].kp.addr != 0) {
unregister_jprobe(&my_jprobes[i]);
}
}
}
_STATIC void socket_notify_remove(void)
{
#if defined(CONFIG_IPV6)
sock_unregister(hooked_inet6_family_ops.family);
reinstall_family("IPv6", &inet6_family_ops);
#endif
sock_unregister(hooked_inet_family_ops.family);
unregister_jprobe(&inet_sock_destruct_jprobe);
reinstall_family("IPv4", &inet_family_ops);
synchronize_net();
}
static void __exit jprobe_exit(void)
{
unregister_jprobe(&my_jprobe);
printk(KERN_INFO "jprobe at %p unregistered\n", my_jprobe.kp.addr);
unregister_kretprobe(&my_kretprobe);
printk(KERN_INFO "kretprobe at %p unregistered\n", my_kretprobe.kp.addr);
unregister_kretprobe(&my_socket_kretprobe);
printk(KERN_INFO "kretprobe at %p unregistered\n", my_socket_kretprobe.kp.addr);
}
static void mvmhyper_exit(void)
{
printk("mvmhyper exit.\n");
for(i=0;i<jpnum;++i)
if(useit[i])
unregister_jprobe(&jphyper[i]);
remove_proc_entry("aim", dir);
remove_proc_entry("fault", dir);
remove_proc_entry("time", dir);
remove_proc_entry("id", dir);
remove_proc_entry("signal", dir);
remove_proc_entry("jphyper", NULL);
}
int __init probe_init(struct hook *hooks, struct rhook *rhooks)
{
int err;
struct hook *p;
struct rhook *q;
p = hooks;
while (p->funcname) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
p->jp.kp.symbol_name = p->funcname;
#else
p->jp.kp.addr = (void*)kallsyms_lookup_name(p->funcname);
BUG_ON(!p->jp.kp.addr);
#endif
p++;
}
q = rhooks;
while (q->funcname) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19)
q->rp.kp.symbol_name = q->funcname;
#else
q->rp.kp.addr = (void*)kallsyms_lookup_name(q->funcname);
BUG_ON(!q->rp.kp.addr);
#endif
q++;
}
err = 0;
p = hooks;
while (p->funcname && !err) {
err = register_jprobe(&p->jp);
p++;
}
if (!err) {
q = rhooks;
while (q->funcname && !err) {
err = register_kretprobe(&q->rp);
q++;
}
if (!err)
return 0;
while (--q != rhooks)
unregister_kretprobe(&q->rp);
}
while (--p != hooks)
unregister_jprobe(&p->jp);
return err;
}
void cleanup_module(void)
{
unregister_jprobe(&hid_register_report_probe);
unregister_jprobe(&hid_add_field_probe);
unregister_jprobe(&hid_parser_main_probe);
unregister_jprobe(&hid_parser_global_probe);
unregister_jprobe(&hid_parser_local_probe);
unregister_jprobe(&hid_parser_reserved_probe);
printk("HIDHUNTER :: jprobes unregisterd\n");
}
void __exit probe_exit(struct hook *hooks, struct rhook *rhooks)
{
struct hook *p;
struct rhook *q;
p = hooks;
while (p->funcname) {
unregister_jprobe(&p->jp);
p++;
}
q = rhooks;
while (q->funcname) {
unregister_kretprobe(&q->rp);
q++;
}
}
/*
Helper cleanup resources routine.
Release resources in the reverse order we acquired them
*/
void ReleaseResources(bool bFreeTsk, bool bRetDoFork)
{
ReleaseProcFile();
if(bFreeTsk) {
unregister_jprobe(&jprobe_free_task);
trace(DETAIL_LEVEL, "unregister_jprobe(0x%p)\n", &jprobe_free_task);
}
if(bRetDoFork) {
unregister_kretprobe(&kret_do_fork);
trace(DETAIL_LEVEL, "unregister_kretprobe(0x%p)\n", &kret_do_fork);
}
if(s_pLog) {
kfree(s_pLog);
}
}
static int test_jprobe(void)
{
int ret;
ret = register_jprobe(&jp);
if (ret < 0) {
printk(KERN_ERR "Kprobe smoke test failed: "
"register_jprobe returned %d\n", ret);
return ret;
}
ret = target(rand1);
unregister_jprobe(&jp);
if (jph_val == 0) {
printk(KERN_ERR "Kprobe smoke test failed: "
"jprobe handler not called\n");
handler_errors++;
}
return 0;
}
_STATIC int __init socket_notify_init(void)
{
int err;
if ((err = install_hook("IPv4", &inet_family_ops, &hooked_inet_family_ops)))
return err;
if ((err = register_jprobe(&inet_sock_destruct_jprobe)) < 0) {
printk(KERN_ERR "error registering inet_sock_destruct_jprobe\n");
sock_unregister(hooked_inet_family_ops.family);
reinstall_family("IPv4", &inet_family_ops);
return err;
}
#if defined(CONFIG_IPV6)
if ((err = install_hook("IPv6", &inet6_family_ops, &hooked_inet6_family_ops))) {
unregister_jprobe(&inet_sock_destruct_jprobe);
sock_unregister(hooked_inet_family_ops.family);
reinstall_family("IPv4", &inet_family_ops);
return err;
}
#endif
return 0;
}
static void __exit jprobe_exit(void)
{
unregister_jprobe(&my_jprobe);
printk("jprobe unregistered\n");
}
static void __exit jprobe_sys_mount_cleanup(void)
{
unregister_jprobe(&jprobe_sys_mount);
printk(KERN_INFO "Cleaning up %s module.\n", module_name(THIS_MODULE));
}
static void __exit lttng_addons_elv_exit(void)
{
unregister_jprobe(&elv_jprobe);
printk("lttng-elv removed\n");
}
void cleanup_module(void)
{
unregister_jprobe(&my_jprobe_udp);
netlink_kernel_release(nl_sk_udp);
printk("jprobe unregistered\n");
}
static __exit void cleanup_schk(void)
{
unregister_jprobe(&jp);
unregister_jprobe(&jp0);
printk("Good by!\n");
}
static void __exit kprobe_exit(void)
{
unregister_jprobe(&tcp_hook_jp);
printk(KERN_INFO "Unregister tcp hook OK\n");
}
static int linuxdrv_init(void)
{
int i;
jprobes[0].kp.symbol_name = "proc_fork_connector";
jprobes[0].entry = (void*)linuxdrv_finish_fork;
jprobes[1].kp.symbol_name = "proc_exit_connector";
jprobes[1].entry = (void*)linuxdrv_finish_exit;
jprobes[2].kp.symbol_name = "proc_exec_connector";
jprobes[2].entry = (void*)linuxdrv_finish_exec;
jprobes[3].kp.symbol_name = "vma_link";
jprobes[3].entry = (void*)linuxdrv_insert_vma;
jprobes[4].kp.symbol_name = "vma_adjust";
jprobes[4].entry = (void*)linuxdrv_adjust_vma;
jprobes[5].kp.symbol_name = "remove_vma";
jprobes[5].entry = (void*)linuxdrv_remove_vma;
printk(KERN_INFO
"strName = %s\n" /* entry name */
"init_task_addr = %lu\n" /* address of init_task */
"init_task_size = %lu\n" /* size of task_struct */
"ts_tasks = %lu\n" /* offset of tasks */
"ts_pid = %lu\n" /* offset of pid */
"ts_tgid = %lu\n" /* offset of tgid */
"ts_group_leader = %lu\n" /* offset of group_leader */
"ts_thread_group = %lu\n" /* offset of thread_group */
"ts_real_parent = %lu\n" /* offset of real_parent */
"ts_mm = %lu\n" /* offset of mm */
"ts_stack = %lu\n", /* offset of stack */
UTS_RELEASE,
(unsigned long)&init_task,
(unsigned long)sizeof(init_task),
OFFSET_OF(task_struct, tasks),
OFFSET_OF(task_struct, pid),
OFFSET_OF(task_struct, tgid),
OFFSET_OF(task_struct, group_leader),
OFFSET_OF(task_struct, thread_group),
OFFSET_OF(task_struct, real_parent),
OFFSET_OF(task_struct, mm),
OFFSET_OF(task_struct, stack) // TODO: not sure which field of the union should be filled
);
// cred, real_cred and related fields may not exist in Linux kernel 2.6
printk(KERN_INFO
"ts_real_cred = %lu\n" /* offset of real_cred */
"ts_cred = %lu\n" /* offset of cred */
"ts_comm = %lu\n" /* offset of comm */
"cred_uid = %lu\n" /* offset of uid in cred */
"cred_gid = %lu\n" /* offset of gid in cred */
"cred_euid = %lu\n" /* offset of euid in cred */
"cred_egid = %lu\n", /* offset of egid in cred */
OFFSET_OF(task_struct, real_cred),
OFFSET_OF(task_struct, cred),
OFFSET_OF(task_struct, comm),
OFFSET_OF(cred, uid),
OFFSET_OF(cred, gid),
OFFSET_OF(cred, euid),
OFFSET_OF(cred, egid)
);
printk(KERN_INFO
"mm_mmap = %lu\n" /* offset of mmap in mm_struct */
"mm_pgd = %lu\n" /* offset of pgd in mm_struct */
"mm_arg_start = %lu\n" /* offset of arg_start in mm_struct */
"mm_start_brk = %lu\n" /* offset of start_brk in mm_struct */
"mm_brk = %lu\n" /* offset of brk in mm_struct */
"mm_start_stack = %lu\n", /* offset of start_stack in mm_struct */
OFFSET_OF(mm_struct, mmap),
OFFSET_OF(mm_struct, pgd),
OFFSET_OF(mm_struct, arg_start),
OFFSET_OF(mm_struct, start_brk),
OFFSET_OF(mm_struct, brk),
OFFSET_OF(mm_struct, start_stack)
);
printk(KERN_INFO
"vma_vm_start = %lu\n" /* offset of vm_start in vm_area_struct */
"vma_vm_end = %lu\n" /* offset of vm_end in vm_area_struct */
"vma_vm_next = %lu\n" /* offset of vm_next in vm_area_struct */
"vma_vm_file = %lu\n" /* offset of vm_file in vm_area_struct */
"vma_vm_flags = %lu\n" /* offset of vm_flags in vm_area_struct */
"vma_vm_pgoff = %lu\n", /* offset of vm_pgoff in vm_area_struct */
OFFSET_OF(vm_area_struct, vm_start),
OFFSET_OF(vm_area_struct, vm_end),
OFFSET_OF(vm_area_struct, vm_next),
OFFSET_OF(vm_area_struct, vm_file),
OFFSET_OF(vm_area_struct, vm_flags),
OFFSET_OF(vm_area_struct, vm_pgoff)
);
printk(KERN_INFO
"file_dentry = %lu\n" /* offset of f_dentry in file */
"file_inode = %lu\n" /* inode of file struct */
"dentry_d_name = %lu\n" /* offset of d_name in dentry */
"dentry_d_iname = %lu\n" /* offset of d_iname in dentry */
"dentry_d_parent = %lu\n" /* offset of d_parent in dentry */
"ti_task = %lu\n" /* offset of task in thread_info */
"inode_ino = %lu\n", /* offset of inode index in inode struct */
OFFSET_OF(file, f_dentry),
OFFSET_OF(dentry, d_inode),
OFFSET_OF(dentry, d_name),
OFFSET_OF(dentry, d_iname),
OFFSET_OF(dentry, d_parent),
OFFSET_OF(thread_info, task),
OFFSET_OF(inode,i_ino)
);
for(i = 0; i < JPROBE_TOTAL; i++) {
register_jprobe(&jprobes[i]);
}
for(i = 0; i < JPROBE_TOTAL; i++) {
if(jprobes[i].kp.addr != NULL) {
printk(KERN_INFO
"%s = %lu\n",
jprobes[i].kp.symbol_name,
jprobes[i].kp.addr);
}
}
for(i = 0; i < JPROBE_TOTAL; i++) {
unregister_jprobe(&jprobes[i]);
}
return -1;
}
static void __exit kprobe_exit(void)
{
unregister_jprobe(&jp);
printk("capable kprobes unregistered\n");
}
static void __exit hybla_cong_avoid_jprobe_exit(void)
{
unregister_jprobe(&hybla_cong_avoid_jprobe);
printk(KERN_INFO "hybla_cong_avoid_jprobe at %p unregistered\n", hybla_cong_avoid_jprobe.kp.addr);
}
static int lkdtm_register_cpoint(enum cname which)
{
int ret;
cpoint = CN_INVALID;
if (lkdtm.entry != NULL)
unregister_jprobe(&lkdtm);
switch (which) {
case CN_DIRECT:
lkdtm_do_action(cptype);
return 0;
case CN_INT_HARDWARE_ENTRY:
lkdtm.kp.symbol_name = "do_IRQ";
lkdtm.entry = (kprobe_opcode_t*) jp_do_irq;
break;
case CN_INT_HW_IRQ_EN:
lkdtm.kp.symbol_name = "handle_IRQ_event";
lkdtm.entry = (kprobe_opcode_t*) jp_handle_irq_event;
break;
case CN_INT_TASKLET_ENTRY:
lkdtm.kp.symbol_name = "tasklet_action";
lkdtm.entry = (kprobe_opcode_t*) jp_tasklet_action;
break;
case CN_FS_DEVRW:
lkdtm.kp.symbol_name = "ll_rw_block";
lkdtm.entry = (kprobe_opcode_t*) jp_ll_rw_block;
break;
case CN_MEM_SWAPOUT:
lkdtm.kp.symbol_name = "shrink_inactive_list";
lkdtm.entry = (kprobe_opcode_t*) jp_shrink_inactive_list;
break;
case CN_TIMERADD:
lkdtm.kp.symbol_name = "hrtimer_start";
lkdtm.entry = (kprobe_opcode_t*) jp_hrtimer_start;
break;
case CN_SCSI_DISPATCH_CMD:
lkdtm.kp.symbol_name = "scsi_dispatch_cmd";
lkdtm.entry = (kprobe_opcode_t*) jp_scsi_dispatch_cmd;
break;
case CN_IDE_CORE_CP:
#ifdef CONFIG_IDE
lkdtm.kp.symbol_name = "generic_ide_ioctl";
lkdtm.entry = (kprobe_opcode_t*) jp_generic_ide_ioctl;
#else
pr_info("Crash point not available\n");
return -EINVAL;
#endif
break;
default:
pr_info("Invalid Crash Point\n");
return -EINVAL;
}
cpoint = which;
if ((ret = register_jprobe(&lkdtm)) < 0) {
pr_info("Couldn't register jprobe\n");
cpoint = CN_INVALID;
}
return ret;
}
void cleanup_module(void)
{
unregister_jprobe(&my_jprobe);
printk("jprobe unregistered\n");
}
static void __exit my_exit(void)
{
unregister_jprobe(&my_probe);
printk("Hypercall FI kernel module: exit\n");
}
static void __exit addons_lttng_ovs_upcall_end_exit(void)
{
unregister_jprobe(<tng_ovs_upcall_end_jprobe);
printk("lttng-ovs-upcall-end-probe removed\n");
}
