Showing
16 changed files
with
135 additions
and
0 deletions
lab5-2/hooking_prac/hooking/Makefile
0 → 100644
1 | +export APP_NAME=hello_world | ||
2 | +export MOD_NAME=hooker | ||
3 | + | ||
4 | +PWD=$(shell pwd) | ||
5 | +APP_PATH=$(PWD)/d$(APP_NAME) | ||
6 | +MOD_PATH=$(PWD)/d$(MOD_NAME) | ||
7 | + | ||
8 | +all: $(MOD_NAME) $(APP_NAME) | ||
9 | + | ||
10 | +$(MOD_NAME): | ||
11 | + $(MAKE) -C $(MOD_PATH) | ||
12 | + mv $(MOD_PATH)/$@.ko $(PWD) | ||
13 | + | ||
14 | +$(APP_NAME): | ||
15 | + $(MAKE) -C $(APP_PATH) | ||
16 | + mv $(APP_PATH)/$@ $(PWD) | ||
17 | + | ||
18 | +clean: | ||
19 | + $(RM) $(PWD)/$(MOD_NAME).ko | ||
20 | + $(RM) $(PWD)/$(APP_NAME) | ||
21 | + arm-linux-gnueabihf-gcc -C $(MOD_PATH) clean | ||
22 | + arm-linux-gnueabihf-gcc -C $(APP_PATH) clean |
1 | +cmd_/root/hooking/dhooker/hooker.ko := arm-linux-gnueabihf-ld -EL -r -T ./scripts/module-common.lds --build-id -o /root/hooking/dhooker/hooker.ko /root/hooking/dhooker/hooker.o /root/hooking/dhooker/hooker.mod.o |
This diff is collapsed. Click to expand it.
This diff is collapsed. Click to expand it.
lab5-2/hooking_prac/hooking/dhooker/Makefile
0 → 100644
File mode changed
lab5-2/hooking_prac/hooking/dhooker/hooker.c
0 → 100644
1 | +#include <linux/kernel.h> | ||
2 | +#include <linux/module.h> | ||
3 | +#include <linux/syscalls.h> | ||
4 | +#include <linux/string.h> | ||
5 | + | ||
6 | +#define SYSCALL_TABLE_BASE_ADDR (0x8000fc28) | ||
7 | +#define MANAGER_PERMISSION (0xff) | ||
8 | + | ||
9 | +unsigned int ** g_puSysTableAddr = (unsigned int**) SYSCALL_TABLE_BASE_ADDR; | ||
10 | +unsigned int g_uPrevAP = 0x00; | ||
11 | +unsigned int g_uNewAP = MANAGER_PERMISSION; | ||
12 | +unsigned int (* sys_write_orig)(int fd, char *byf, size_t count); | ||
13 | + | ||
14 | +//sys_write_orig() 호출 전 pBuF의 내용 수정 | ||
15 | +unsigned int sys_write_hooked(int nFD, char *pBuf, size_t nCnt){ | ||
16 | + printk("current process name : %s\n",current->comm); | ||
17 | + if(current->comm == "hello_world" && nFD == 1){ | ||
18 | + memset(pBuf, 0, nCnt); | ||
19 | + strcpy(pBuf, "Hacked!!!\n"); | ||
20 | + return sys_write_orig(nFD,pBuf, nCnt); | ||
21 | + } | ||
22 | + else{ | ||
23 | + return sys_write_orig(nFD,pBuf, nCnt); | ||
24 | + } | ||
25 | + | ||
26 | +} | ||
27 | + | ||
28 | +int __init Hook_Init(void){ | ||
29 | + sys_write_orig = (void *)g_puSysTableAddr[__NR_write]; | ||
30 | + | ||
31 | + __asm__ __volatile__("mrc p15, 0, %0, c3, c0" : "=r"(g_uPrevAP)); | ||
32 | + __asm__ __volatile__("mrc p15, 0, %0, c3, c0" : : "r"(g_uNewAP)); | ||
33 | + | ||
34 | + g_puSysTableAddr[__NR_write] = (unsigned int *) sys_write_hooked; | ||
35 | + | ||
36 | + __asm__ __volatile__("mcr p15,0, %0, c3, c0" : :"r"(g_uPrevAP)); | ||
37 | + return 0; | ||
38 | +} | ||
39 | + | ||
40 | +void __exit Hook_Exit(void){ | ||
41 | + __asm__ __volatile__("mrc p15,0, %0, c3,c0" : "=r"(g_uPrevAP)); | ||
42 | + __asm__ __volatile__("mcr p15, 0, %0, c3, c0" : :"r"(g_uNewAP)); | ||
43 | + | ||
44 | + g_puSysTableAddr[__NR_write] = (unsigned int *) sys_write_orig; | ||
45 | + | ||
46 | + __asm__ __volatile__("mcr p15,0, %0, c3, c0" : :"r"(g_uPrevAP)); | ||
47 | +} | ||
48 | + | ||
49 | +module_init(Hook_Init); | ||
50 | +module_exit(Hook_Exit); |
1 | +#include <linux/module.h> | ||
2 | +#include <linux/vermagic.h> | ||
3 | +#include <linux/compiler.h> | ||
4 | + | ||
5 | +MODULE_INFO(vermagic, VERMAGIC_STRING); | ||
6 | + | ||
7 | +__visible struct module __this_module | ||
8 | +__attribute__((section(".gnu.linkonce.this_module"))) = { | ||
9 | + .name = KBUILD_MODNAME, | ||
10 | + .init = init_module, | ||
11 | +#ifdef CONFIG_MODULE_UNLOAD | ||
12 | + .exit = cleanup_module, | ||
13 | +#endif | ||
14 | + .arch = MODULE_ARCH_INIT, | ||
15 | +}; | ||
16 | + | ||
17 | +static const struct modversion_info ____versions[] | ||
18 | +__used | ||
19 | +__attribute__((section("__versions"))) = { | ||
20 | + { 0xb344870e, __VMLINUX_SYMBOL_STR(module_layout) }, | ||
21 | + { 0x2e5810c6, __VMLINUX_SYMBOL_STR(__aeabi_unwind_cpp_pr1) }, | ||
22 | + { 0xfa2a45e, __VMLINUX_SYMBOL_STR(__memzero) }, | ||
23 | + { 0x27e1a049, __VMLINUX_SYMBOL_STR(printk) }, | ||
24 | + { 0xb1ad28e0, __VMLINUX_SYMBOL_STR(__gnu_mcount_nc) }, | ||
25 | +}; | ||
26 | + | ||
27 | +static const char __module_depends[] | ||
28 | +__used | ||
29 | +__attribute__((section(".modinfo"))) = | ||
30 | +"depends="; | ||
31 | + | ||
32 | + | ||
33 | +MODULE_INFO(srcversion, "1041E4758432C86606FD67E"); |
No preview for this file type
lab5-2/hooking_prac/hooking/dhooker/hooker.o
0 → 100644
No preview for this file type
1 | +kernel//root/hooking/dhooker/hooker.ko |
lab5-2/hooking_prac/hooking/hello_world
0 → 100755
No preview for this file type
lab5-2/hooking_prac/hooking/hooker.ko
0 → 100644
No preview for this file type
-
Please register or login to post a comment