손지언 / 2019102185

Go to a project
Toggle navigation Toggle navigation pinning
손지언
351743ea 1 parent 1491ef3c

d

Expand all
Inline Side-by-side
Showing 21 changed files with 3 additions and 141 deletions
......@@ -13,8 +13,9 @@ unsigned int (* sys_write_orig)(int fd, char *byf, size_t count);
//sys_write_orig() 호출 전 pBuF의 내용 수정
unsigned int sys_write_hooked(int nFD, char *pBuf, size_t nCnt){
printk("current process: %s", current->comm);
if(current->comm == "hello_world" && nFD == 1){
printk("current process: %s", current->comm);
memset(pBuf, 0, nCnt);
strcpy(pBuf, "Hacked!!!\n");
return sys_write_orig(nFD,pBuf, nCnt);
......
......@@ -30,4 +30,4 @@ __attribute__((section(".modinfo"))) =
"depends=";
MODULE_INFO(srcversion, "2A131E5614C253504393ED6");
MODULE_INFO(srcversion, "6656FAE980A32BBBB7648FE");
......
export APP_NAME=hello_world
export MOD_NAME=hooker
PWD := $(shell pwd)
APP_PATH=$(PWD)/d$(APP_NAME)
MOD_PATH=$(PWD)/d$(MOD_NAME)
all: $(MOD_NAME) $(APP_NAME)
$(MOD_NAME):
$(MAKE) -C $(MOD_PATH)
mv $(MOD_PATH)/$@.ko $(PWD)
$(APP_NAME):
$(MAKE) -C $(APP_PATH)
mv $(APP_PATH)/$@ $(PWD)
clean:
$(RM) $(PWD)/$(MOD_NAME).ko
$(RM) $(PWD)/$(APP_NAME)
arm-linux-gnueabihf-gcc -C $(MOD_PATH) clean
arm-linux-gnueabihf-gcc -C $(APP_PATH) clean
APP_NAME := hello_world
all:
arm-linux-gnueabihf-gcc -o $(APP_NAME) $(APP_NAME).c
clean:
$(RM) $(APP_NAME).o
#include <stdio.h>
int main(int argc, char *argv[]){
char sHelloMsg[] = {"Hello world!\n"};
printf(sHelloMsg);
return 0;
}
cmd_/root/hooking/dhooker/hooker.ko := arm-linux-gnueabihf-ld -EL -r -T ./scripts/module-common.lds --build-id -o /root/hooking/dhooker/hooker.ko /root/hooking/dhooker/hooker.o /root/hooking/dhooker/hooker.mod.o
This diff is collapsed. Click to expand it.
This diff is collapsed. Click to expand it.
/root/hooking/dhooker/hooker.ko
/root/hooking/dhooker/hooker.o
obj-m := hooker.o
KDIR=/root/working/linux
PWD=$(shell pwd)
TOOLCHAIN=arm-linux-gnueabihf-
TARGET=arm
all:
$(MAKE) -C $(KDIR) M=$(PWD) ARCH=$(TARGET) CROSS_COMPILE=$(TOOLCHAIN) modules
clean:
$(MAKE) -C $(KDIR) SUBDIRS=$(PWD) clean
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/string.h>
#include <linux/sched.h>
#define SYSCALL_TABLE_BASE_ADDR (0x8000fc28)
#define MANAGER_PERMISSION (0xff)
unsigned int ** g_puSysTableAddr = (unsigned int**) SYSCALL_TABLE_BASE_ADDR;
unsigned int g_uPrevAP = 0x00;
unsigned int g_uNewAP = MANAGER_PERMISSION;
unsigned int (* sys_write_orig)(int fd, char *byf, size_t count);
//sys_write_orig() 호출 전 pBuF의 내용 수정
unsigned int sys_write_hooked(int nFD, char *pBuf, size_t nCnt){
printk("current process name : %s\n",current->comm);
if(current->comm == "hello_world" && nFD == 1){
memset(pBuf, 0, nCnt);
strcpy(pBuf, "Hacked!!!\n");
return sys_write_orig(nFD,pBuf, nCnt);
}
else{
return sys_write_orig(nFD,pBuf, nCnt);
}
}
int __init Hook_Init(void){
sys_write_orig = (void *)g_puSysTableAddr[__NR_write];
printk("외않되?\n");
__asm__ __volatile__("mrc p15, 0, %0, c3, c0" : "=r"(g_uPrevAP));
__asm__ __volatile__("mrc p15, 0, %0, c3, c0" : : "r"(g_uNewAP));
g_puSysTableAddr[__NR_write] = (unsigned int *) sys_write_hooked;
__asm__ __volatile__("mcr p15,0, %0, c3, c0" : :"r"(g_uPrevAP));
return 0;
}
void __exit Hook_Exit(void){
__asm__ __volatile__("mrc p15,0, %0, c3,c0" : "=r"(g_uPrevAP));
__asm__ __volatile__("mcr p15, 0, %0, c3, c0" : :"r"(g_uNewAP));
g_puSysTableAddr[__NR_write] = (unsigned int *) sys_write_orig;
__asm__ __volatile__("mcr p15,0, %0, c3, c0" : :"r"(g_uPrevAP));
}
module_init(Hook_Init);
module_exit(Hook_Exit);
MODULE_LICENSE("GPL");
#include <linux/module.h>
#include <linux/vermagic.h>
#include <linux/compiler.h>
MODULE_INFO(vermagic, VERMAGIC_STRING);
__visible struct module __this_module
__attribute__((section(".gnu.linkonce.this_module"))) = {
.name = KBUILD_MODNAME,
.init = init_module,
#ifdef CONFIG_MODULE_UNLOAD
.exit = cleanup_module,
#endif
.arch = MODULE_ARCH_INIT,
};
static const struct modversion_info ____versions[]
__used
__attribute__((section("__versions"))) = {
{ 0xb344870e, __VMLINUX_SYMBOL_STR(module_layout) },
{ 0x2e5810c6, __VMLINUX_SYMBOL_STR(__aeabi_unwind_cpp_pr1) },
{ 0xfa2a45e, __VMLINUX_SYMBOL_STR(__memzero) },
{ 0x27e1a049, __VMLINUX_SYMBOL_STR(printk) },
{ 0xb1ad28e0, __VMLINUX_SYMBOL_STR(__gnu_mcount_nc) },
};
static const char __module_depends[]
__used
__attribute__((section(".modinfo"))) =
"depends=";
MODULE_INFO(srcversion, "C9222200A71E34F955A2A67");
kernel//root/hooking/dhooker/hooker.ko
No preview for this file type