Date: Thu, 29 Apr 2010 21:44:38 +0900 From: furukawa jun <z0.0z.furukawa@gmail.com> To: freebsd-hackers@freebsd.org Subject: How to change vnode operations ? Message-ID: <v2h15480d8f1004290544q2b070ff8i4cc68b4f171c4593@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I know the way for changing vnode operations because I did that for my graduate thesis. In that thesis I made a LKM that hooks vn_write() function. To make that software I referenced a book and a website listed below. "Joseph Kong. Designing BSD Rootkits: An Introduction to Kernel Hacking. No Starch Press, 2007." "Stephanie Wehner. Fun and games with freebsd kernel modules, April 2001. http:/ /www.r4k.net/mod/fbsdfun.html" As a reference, I show here the part of the source code of my software. #include <sys/param.h> /* module */ #include <sys/module.h> /* module */ #include <sys/kernel.h> /* module */ #include <sys/types.h> /* size_t, copystr */ #include <sys/systm.h> /* copystr */ #include <sys/proc.h> /* struct thread */ #include <sys/file.h> /* vnops */ #include <fs/msdosfs/msdosfs_vnops.c> /* msdosfs_vnodeops */ int fo_write_hook(struct file *fp, struct uio *uio, struct ucred *active_cred, int flags, struct thread *td); typedef int (*fow_t)(struct file*, struct uio*, struct ucred*, int flags, struct thread*); fow_t old_fo_write; char mybuf[256+1]; /* fo_write hook */ int fo_write_hook(struct file *fp, struct uio *uio, struct ucred *active_cred, int flags, struct thread *td) { * /* You can add here a new functinality. */* return (old_fo_write(fp, uio, active_cred, flags, td)); } /* The function called at load/unload */ static int load(struct module *module, int cmd, void *arg) { int error = 0; /* The declaration of msdosfs_vnodeops */ /* from /usr/include/fs/msdosfs/msdosfs_vnops.c */ /* extern struct vop_vector msdosfs_vnodeops */ /* The initialization of msdosfs_vnodeops */ /* from /usr/src/sys/fs/msdosfs/msdosfs_vnops.c */ //struct vop_vector msdosfs_vnodeops = { // ... // .vop_read = msdosfs_read, // ... // .vop_write = msdosfs_write, // ... //}; switch (cmd) { case MOD_LOAD: uprintf("Module has loaded\n"); /* Replace fo_write with fo_write_hook. */ old_fo_write = (fow_t)(vnops.fo_write); vnops.fo_write = fo_write_hook; break; case MOD_UNLOAD: uprintf("Module has unloaded\n"); /* Change everyhting back to normal. */ vnops.fo_write = old_fo_write; break; default: error = EOPNOTSUPP; break; } return (error); } static moduledata_t fo_write_hook_mod = { "fo_write_hook", /* module name */ load, /* event handler */ NULL /* EXTRA DATA */ }; DECLARE_MODULE(fo_write_hook, fo_write_hook_mod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE); Jun Furukawa
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v2h15480d8f1004290544q2b070ff8i4cc68b4f171c4593>