Created
July 13, 2019 11:29
Linux Kernel Module function for obtaining the syscall table address by seeking through the memory.
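```c
#include <linux/kernel.h>   /* ULONG_MAX */
#include <linux/syscalls.h> /* sys_close() prototype */
#include <asm/unistd.h>     /* __NR_close */

/*
 * Walk through memory until the syscall table is found.
 * The table is recognized by its __NR_close slot, which holds the
 * address of sys_close. Requires a kernel in which sys_close is
 * visible to modules.
 */
unsigned long *obtain_syscall_table_bf(void)
{
	unsigned long *syscall_table;
	unsigned long int i;

	/* Start at sys_close itself and advance one pointer-sized word at a time. */
	for (i = (unsigned long int)sys_close; i < ULONG_MAX;
	     i += sizeof(void *)) {
		syscall_table = (unsigned long *)i;

		if (syscall_table[__NR_close] == (unsigned long)sys_close)
			return syscall_table;
	}
	return NULL;
}
```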