Created
May 14, 2015 18:34
-
-
Save benaryorg/cfbfec760e752f7473a1 to your computer and use it in GitHub Desktop.
linux device driver that grants arbitary memory access in a broken way
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <linux/module.h> | |
| #include <linux/version.h> | |
| #include <linux/kernel.h> | |
| #include <linux/types.h> | |
| #include <linux/kdev_t.h> | |
| #include <linux/fs.h> | |
| #include <linux/device.h> | |
| #include <linux/cdev.h> | |
| static dev_t first; | |
| static struct cdev c_dev; | |
| static struct class *cl; | |
| static int dopen(struct inode *i,struct file *f) | |
| { | |
| printk(KERN_INFO "Driver: open()\n"); | |
| return 0; | |
| } | |
| static int dclose(struct inode *i,struct file *f) | |
| { | |
| printk(KERN_INFO "Driver: close()\n"); | |
| return 0; | |
| } | |
| static ssize_t dread(struct file *f,char __user *buf,size_t len,loff_t *off) | |
| { | |
| printk(KERN_INFO "Driver: read()\n"); | |
| memcpy(buf,off,len); | |
| return len; | |
| } | |
| static ssize_t dwrite(struct file *f,const char __user *buf,size_t len,loff_t *off) | |
| { | |
| printk(KERN_INFO "Driver: write()\n"); | |
| memcpy(off,buf,len); | |
| return len; | |
| } | |
| static int duevent(struct device *dev,struct kobj_uevent_env *env) | |
| { | |
| printk(KERN_INFO "Driver: uevent()\n"); | |
| add_uevent_var(env,"DEVMODE=%#o",0666); | |
| return 0; | |
| } | |
| static struct file_operations pugs_fops= | |
| { | |
| .owner=THIS_MODULE, | |
| .open=dopen, | |
| .release=dclose, | |
| .read=dread, | |
| .write=dwrite, | |
| }; | |
| static int __init benarydev_init(void) | |
| { | |
| printk(KERN_INFO "benarydev: starting"); | |
| if(alloc_chrdev_region(&first,0,1,"benarydev")<0) | |
| { | |
| return -1; | |
| } | |
| if ((cl = class_create(THIS_MODULE,"chardrv")) == NULL) | |
| { | |
| unregister_chrdev_region(first,1); | |
| return -1; | |
| } | |
| cl->dev_uevent=duevent; | |
| if (device_create(cl,NULL,first,NULL,"benarydevnull") == NULL) | |
| { | |
| class_destroy(cl); | |
| unregister_chrdev_region(first,1); | |
| return -1; | |
| } | |
| cdev_init(&c_dev,&pugs_fops); | |
| if (cdev_add(&c_dev,first,1) == -1) | |
| { | |
| device_destroy(cl,first); | |
| class_destroy(cl); | |
| unregister_chrdev_region(first,1); | |
| return -1; | |
| } | |
| printk(KERN_INFO "benarydev: started"); | |
| return 0; | |
| } | |
| static void __exit benarydev_exit(void) | |
| { | |
| printk(KERN_INFO "benarydev: stopping"); | |
| cdev_del(&c_dev); | |
| device_destroy(cl, first); | |
| class_destroy(cl); | |
| unregister_chrdev_region(first, 1); | |
| printk(KERN_INFO "benarydev: stopped"); | |
| } | |
| module_init(benarydev_init); | |
| module_exit(benarydev_exit); | |
| MODULE_LICENSE("GPL"); | |
| MODULE_AUTHOR("benaryorg <binary at benary dot org>"); | |
| MODULE_DESCRIPTION("benaryorg's device driver (do not use)"); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment