GoldenOak
GoldenOak
/ simple_netfilter_LKM.c
Created
January 18, 2019 15:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /***************************************************** | |
| * This code was compiled and tested on Ubuntu 18.04.1 | |
| * with kernel version 4.15.0 | |
| *****************************************************/ | |
| #include <linux/init.h> | |
| #include <linux/module.h> | |
| #include <linux/kernel.h> | |
| #include <linux/netfilter.h> | |
| #include <linux/netfilter_ipv4.h> |
GoldenOak
/ obtain_syscall_table_by_fn.c
Created
July 13, 2019 11:29
Linux Kernel Module function for obtaining the syscall table address by seeking through the memory.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * run over the memory till find the sys call talbe | |
| * doing so, by searching the sys call close. | |
| */ | |
| unsigned long * obtain_syscall_table_bf(void) | |
| { | |
| unsigned long *syscall_table; | |
| unsigned long int i; | |
| for (i = (unsigned long int)sys_close; i < ULONG_MAX; |
GoldenOak
/ obtain_syscall_table_by_proc.c
Last active
July 2, 2022 10:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Enable kernel address space which is 4G | |
| */ | |
| #define ENTER_KERNEL_ADDR_SPACE(oldfs) \ | |
| ({ \ | |
| oldfs = get_fs(); \ | |
| set_fs (KERNEL_DS); \ | |
| }); | |
| /* |
GoldenOak
/ syscall_hooking.c
Created
February 1, 2020 13:44
Snippet of system call hooking for the Linux kernel
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * This is not a whole code, but only a snippet. | |
| * Some functions *is* missing. | |
| */ | |
| asmlinkage long (*orig_shutdown)(int, int); | |
| unsigned long *sys_call_table; | |
| hooking_syscall(void *hook_addr, uint16_t syscall_offset, unsigned long *sys_call_tabe) | |
| { |