Linux kernel module function that obtains the syscall table address by scanning through memory.
/*
 * Walk memory upward from the address of sys_close, one pointer-sized
 * step at a time, and treat each address as the possible start of the
 * syscall table. The first address whose __NR_close slot holds the
 * address of sys_close is returned; NULL is returned if the walk ends
 * without a match.
 *
 * Review notes:
 *  - A single matching slot is the only evidence used, so any unrelated
 *    word in memory that equals the address of sys_close at the right
 *    offset is accepted as the table.
 *  - Every candidate is dereferenced without checking that the address
 *    is mapped or readable, so the walk can fault before it finds
 *    anything.
 *  - "addr < ULONG_MAX" is not an effective bound: the pointer-sized
 *    step can wrap past zero near the top of the address space.
 *  - Requires sys_close to be resolvable by the module.
 *    NOTE(review): confirm this holds on the kernel being built against.
 *  - A module that looks the table up this way instead of using an
 *    exported interface deserves scrutiny in review and triage, since
 *    the returned pointer gives direct access to the syscall entries.
 */
unsigned long *obtain_syscall_table_bf(void)
{
	const unsigned long close_addr = (unsigned long)sys_close;
	unsigned long addr = (unsigned long)sys_close;

	while (addr < ULONG_MAX) {
		unsigned long *candidate = (unsigned long *)addr;

		/* Unchecked read: candidate may point at unmapped memory. */
		if (candidate[__NR_close] == close_addr)
			return candidate;

		addr += sizeof(void *);
	}

	return NULL;
}