손지언 / 2019102185

Go to a project
Toggle navigation Toggle navigation pinning
손지언
351743ea 1 parent 1491ef3c

d

Expand all
Inline Side-by-side
Showing 21 changed files with 3 additions and 141 deletions
...@@ -13,8 +13,9 @@ unsigned int (* sys_write_orig)(int fd, char *byf, size_t count); ...@@ -13,8 +13,9 @@ unsigned int (* sys_write_orig)(int fd, char *byf, size_t count);
13 13
14 //sys_write_orig() 호출 전 pBuF의 내용 수정 14 //sys_write_orig() 호출 전 pBuF의 내용 수정
15 unsigned int sys_write_hooked(int nFD, char *pBuf, size_t nCnt){ 15 unsigned int sys_write_hooked(int nFD, char *pBuf, size_t nCnt){
16 - printk("current process: %s", current->comm); 16 +
17 if(current->comm == "hello_world" && nFD == 1){ 17 if(current->comm == "hello_world" && nFD == 1){
18 + printk("current process: %s", current->comm);
18 memset(pBuf, 0, nCnt); 19 memset(pBuf, 0, nCnt);
19 strcpy(pBuf, "Hacked!!!\n"); 20 strcpy(pBuf, "Hacked!!!\n");
20 return sys_write_orig(nFD,pBuf, nCnt); 21 return sys_write_orig(nFD,pBuf, nCnt);
......
...@@ -30,4 +30,4 @@ __attribute__((section(".modinfo"))) = ...@@ -30,4 +30,4 @@ __attribute__((section(".modinfo"))) =
30 "depends="; 30 "depends=";
31 31
32 32
33 -MODULE_INFO(srcversion, "2A131E5614C253504393ED6"); 33 +MODULE_INFO(srcversion, "6656FAE980A32BBBB7648FE");
......
1 -export APP_NAME=hello_world
2 -export MOD_NAME=hooker
3 -
4 -PWD := $(shell pwd)
5 -APP_PATH=$(PWD)/d$(APP_NAME)
6 -MOD_PATH=$(PWD)/d$(MOD_NAME)
7 -
8 -all: $(MOD_NAME) $(APP_NAME)
9 -
10 -$(MOD_NAME):
11 - $(MAKE) -C $(MOD_PATH)
12 - mv $(MOD_PATH)/$@.ko $(PWD)
13 -
14 -$(APP_NAME):
15 - $(MAKE) -C $(APP_PATH)
16 - mv $(APP_PATH)/$@ $(PWD)
17 -
18 -clean:
19 - $(RM) $(PWD)/$(MOD_NAME).ko
20 - $(RM) $(PWD)/$(APP_NAME)
21 - arm-linux-gnueabihf-gcc -C $(MOD_PATH) clean
22 - arm-linux-gnueabihf-gcc -C $(APP_PATH) clean
1 -APP_NAME := hello_world
2 -
3 -all:
4 - arm-linux-gnueabihf-gcc -o $(APP_NAME) $(APP_NAME).c
5 -
6 -clean:
7 - $(RM) $(APP_NAME).o
1 -#include <stdio.h>
2 -
3 -int main(int argc, char *argv[]){
4 - char sHelloMsg[] = {"Hello world!\n"};
5 - printf(sHelloMsg);
6 - return 0;
7 -}
1 -cmd_/root/hooking/dhooker/hooker.ko := arm-linux-gnueabihf-ld -EL -r -T ./scripts/module-common.lds --build-id -o /root/hooking/dhooker/hooker.ko /root/hooking/dhooker/hooker.o /root/hooking/dhooker/hooker.mod.o
This diff is collapsed. Click to expand it.
This diff is collapsed. Click to expand it.
1 -/root/hooking/dhooker/hooker.ko
2 -/root/hooking/dhooker/hooker.o
1 -obj-m := hooker.o
2 -
3 -KDIR=/root/working/linux
4 -PWD=$(shell pwd)
5 -TOOLCHAIN=arm-linux-gnueabihf-
6 -TARGET=arm
7 -
8 -all:
9 - $(MAKE) -C $(KDIR) M=$(PWD) ARCH=$(TARGET) CROSS_COMPILE=$(TOOLCHAIN) modules
10 -
11 -clean:
12 - $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) clean
1 -#include <linux/kernel.h>
2 -#include <linux/module.h>
3 -#include <linux/syscalls.h>
4 -#include <linux/string.h>
5 -#include <linux/sched.h>
6 -
7 -#define SYSCALL_TABLE_BASE_ADDR (0x8000fc28)
8 -#define MANAGER_PERMISSION (0xff)
9 -
10 -unsigned int ** g_puSysTableAddr = (unsigned int**) SYSCALL_TABLE_BASE_ADDR;
11 -unsigned int g_uPrevAP = 0x00;
12 -unsigned int g_uNewAP = MANAGER_PERMISSION;
13 -unsigned int (* sys_write_orig)(int fd, char *byf, size_t count);
14 -
15 -
16 -//sys_write_orig() 호출 전 pBuF의 내용 수정
17 -unsigned int sys_write_hooked(int nFD, char *pBuf, size_t nCnt){
18 - printk("current process name : %s\n",current->comm);
19 - if(current->comm == "hello_world" && nFD == 1){
20 - memset(pBuf, 0, nCnt);
21 - strcpy(pBuf, "Hacked!!!\n");
22 - return sys_write_orig(nFD,pBuf, nCnt);
23 - }
24 - else{
25 - return sys_write_orig(nFD,pBuf, nCnt);
26 - }
27 -
28 -}
29 -
30 -int __init Hook_Init(void){
31 - sys_write_orig = (void *)g_puSysTableAddr[__NR_write];
32 -
33 - printk("외않되?\n");
34 - __asm__ __volatile__("mrc p15, 0, %0, c3, c0" : "=r"(g_uPrevAP));
35 - __asm__ __volatile__("mrc p15, 0, %0, c3, c0" : : "r"(g_uNewAP));
36 -
37 - g_puSysTableAddr[__NR_write] = (unsigned int *) sys_write_hooked;
38 -
39 - __asm__ __volatile__("mcr p15,0, %0, c3, c0" : :"r"(g_uPrevAP));
40 - return 0;
41 -}
42 -
43 -void __exit Hook_Exit(void){
44 - __asm__ __volatile__("mrc p15,0, %0, c3,c0" : "=r"(g_uPrevAP));
45 - __asm__ __volatile__("mcr p15, 0, %0, c3, c0" : :"r"(g_uNewAP));
46 -
47 - g_puSysTableAddr[__NR_write] = (unsigned int *) sys_write_orig;
48 -
49 - __asm__ __volatile__("mcr p15,0, %0, c3, c0" : :"r"(g_uPrevAP));
50 -}
51 -
52 -module_init(Hook_Init);
53 -module_exit(Hook_Exit);
54 -MODULE_LICENSE("GPL");
1 -#include <linux/module.h>
2 -#include <linux/vermagic.h>
3 -#include <linux/compiler.h>
4 -
5 -MODULE_INFO(vermagic, VERMAGIC_STRING);
6 -
7 -__visible struct module __this_module
8 -__attribute__((section(".gnu.linkonce.this_module"))) = {
9 - .name = KBUILD_MODNAME,
10 - .init = init_module,
11 -#ifdef CONFIG_MODULE_UNLOAD
12 - .exit = cleanup_module,
13 -#endif
14 - .arch = MODULE_ARCH_INIT,
15 -};
16 -
17 -static const struct modversion_info ____versions[]
18 -__used
19 -__attribute__((section("__versions"))) = {
20 - { 0xb344870e, __VMLINUX_SYMBOL_STR(module_layout) },
21 - { 0x2e5810c6, __VMLINUX_SYMBOL_STR(__aeabi_unwind_cpp_pr1) },
22 - { 0xfa2a45e, __VMLINUX_SYMBOL_STR(__memzero) },
23 - { 0x27e1a049, __VMLINUX_SYMBOL_STR(printk) },
24 - { 0xb1ad28e0, __VMLINUX_SYMBOL_STR(__gnu_mcount_nc) },
25 -};
26 -
27 -static const char __module_depends[]
28 -__used
29 -__attribute__((section(".modinfo"))) =
30 -"depends=";
31 -
32 -
33 -MODULE_INFO(srcversion, "C9222200A71E34F955A2A67");
1 -kernel//root/hooking/dhooker/hooker.ko
No preview for this file type