Date: Mon, 19 Jan 2015 06:17:10 +0200 From: "Ivan \"Rambius\" Ivanov" <rambiusparkisanius@gmail.com> To: "mail.list freebsd-questions" <freebsd-questions@freebsd.org> Subject: modfind() returns -1 Message-ID: <CAE9rwzNtUkBMzSskVigiW7hQH0NcHrovCv1UOoTrhwRp_JkUZQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello,
I am trying to implement a simple system call module, but after I
install it and try to find its offset with modfind, I somehow get -1.
The code implementing the syscal resides in sc_example_no_args.c:
#include <sys/types.h>
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <sys/sysent.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <bsm/audit_kevents.h>
static int sc_example_no_args(struct thread *td, void *syscall_args) {
printf("%s\n", "Hello, world!");
return 0;
}
static struct sysent sc_example_sysent_no_args = {
0,
sc_example_no_args
};
static int offset = NO_SYSCALL;
static int load(struct module *module, int cmd, void *arg) {
int error = 0;
switch(cmd) {
case MOD_LOAD:
uprintf("System call loaded at offset %d.\n", offset);
break;
case MOD_UNLOAD:
uprintf("System call unloaded at offset %d.\n", offset);
break;
default:
error = EOPNOTSUPP;
break;
}
return error;
}
SYSCALL_MODULE(sc_example_no_args, &offset,
&sc_example_sysent_no_args, load, NULL);
The Make file that compiles it is
KMOD=sc_example_no_args
SRCS=sc_example_no_args.c
.include <bsd.kmod.mk>
The ouput of make is
$ make
Warning: Object directory not changed from original
/home/rambius/drafts/fbsdrootkits/ch01/sc_example_no_arg
cc -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE
-nostdinc -I. -I@ -I@/contrib/altq -fno-common -mno-aes -mno-avx
-mno-mmx -mno-sse -msoft-float -ffreestanding -fstack-protector
-std=iso9899:1999 -Qunused-arguments -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -Wundef
-Wno-pointer-sign -fformat-extensions -Wmissing-include-dirs
-fdiagnostics-show-option -Wno-error-tautological-compare
-Wno-error-empty-body -Wno-error-parentheses-equality
-Wno-error-unused-function -c sc_example_no_args.c
ld -d -warn-common -r -d -o sc_example_no_args.kld sc_example_no_args.o
:> export_syms
awk -f /sys/conf/kmod_syms.awk sc_example_no_args.kld export_syms |
xargs -J% objcopy % sc_example_no_args.kld
ld -Bshareable -d -warn-common -o sc_example_no_args.ko sc_example_no_args.kld
objcopy --strip-debug sc_example_no_args.ko
I now have the module compiled in sc_example_no_args.ko and I can kldload it:
$ sudo kldload ./sc_example_no_args.ko
System call loaded at offset 210.
$ kldstat
Id Refs Address Size Name
1 6 0xc0400000 13a35fc kernel
2 1 0xc900a000 5000 ums.ko
3 1 0xca38f000 2000 sc_example_no_args.ko
So far, so good. Here is the code that tries to invoke that system call:
$ cat interface.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/module.h>
int main(int argc, char *argv[]) {
int syscall_num;
struct module_stat stat;
int mod_id;
stat.version = sizeof(stat);
mod_id = modfind("sc_example_no_args");
printf("%d\n", mod_id);
if (mod_id == -1) {
perror("Error finding module");
exit(2);
}
modstat(210, &stat);
syscall_num = stat.data.intval;
return syscall(syscall_num, argv[1]);
}
I compile interface.c with:
$ cc -Wall interface.c -o interface
When I run it I see that it cannot find the module:
$ cc -Wall interface.c -o interface
$ ./interface
-1
Error finding module: No such file or directory
$ echo $?
2
I would be very helpful for any help or hints. I am able to do the
syscall through perl
$ perl -e 'syscall(210);'
$ dmesg | tail -n 1
Hello, world!
Thank you in advance!
Regards
Rambius
--
Tangra Mega Rock: http://www.radiotangra.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAE9rwzNtUkBMzSskVigiW7hQH0NcHrovCv1UOoTrhwRp_JkUZQ>