From: Pawel Jakub Dawidek
To: freebsd-hackers@freebsd.org
Date: Wed, 28 Aug 2002 03:29:17 +0200
Subject: Replacing kernel functions.
Message-ID: <20020828012917.GH22722@garage.freebsd.pl>
X-OS: FreeBSD 4.6-STABLE i386

Hello hackers...

I've written two functions to replace kernel functions.

#include <sys/param.h>
#include <sys/systm.h>	/* memcpy() */
#include <sys/errno.h>	/* EFAULT */

/*
 * sysfun - address of kernel function
 * myfun - address of our function
 * buf - 5 bytes length buffer to keep old first 5 kernel function bytes
 */
static u_int
funchange(void *sysfun, void *myfun, void *buf)
{
	/* Writable array (not a string literal): 0xe9 is the jmp opcode */
	static u_char chgcode[] = "\xe9....";
	u_long *addr;

	/*
	 * Dots will be replaced by address of our function, so we go:
	 * jmp
	 */

	if (sysfun == NULL || myfun == NULL || buf == NULL)
		return (EFAULT);

	/* Keep first 5 bytes of kernel function in given buffer */
	memcpy(buf, sysfun, 5);

	/*
	 * Count address for 'jmp' and put it to 'chgcode'.
	 * The displacement is relative to the end of the 5-byte jmp.
	 */
	addr = (u_long *)((u_char *)chgcode + 1);
	*addr = (u_long)myfun - (u_long)sysfun - 5;

	/* ok! let's replace it */
	memcpy(sysfun, chgcode, 5);

	return (0);
}

static u_int
funbackchange(void *sysfun, void *buf)
{
	if (sysfun == NULL || buf == NULL)
		return (EFAULT);

	/* Put the saved 5 bytes back */
	memcpy(sysfun, buf, 5);

	return (0);
}

How to use:

int
ourfun(...)
{
	[...]
}

[...]
	char buf[5];
	[...]
	funchange(kernfun, ourfun, buf);
	[...]
	funbackchange(kernfun, buf);
	[...]

Ok... And now what I want from You.
This works of course only on i386 arch and I need a version of those functions for the rest of the archs supported by FreeBSD. So if You know how to port them, feel free to send me Your version :)

Thanks!

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
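
A check for the 5-byte jmp patch described in the message above, as an added example that is not part of the original post: it decodes an i386 jmp rel32 at a function entry, reports where it leads, and compares the entry with a known-good copy. The function names, the address range and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_REL32 0xe9  /* i386 near jump: opcode + 4-byte displacement */
#define PATCH_LEN 5     /* size of the patch written over the entry */

enum entry_state { ENTRY_NO_JMP, ENTRY_JMP_INSIDE, ENTRY_JMP_OUTSIDE };

/* Target of a jmp rel32 located at insn_addr: the displacement is counted
 * from the end of the 5-byte instruction, little-endian, modulo 2^32. */
static uint32_t jmp_target(uint32_t insn_addr, const uint8_t *insn)
{
    uint32_t rel = (uint32_t)insn[1] | (uint32_t)insn[2] << 8 |
        (uint32_t)insn[3] << 16 | (uint32_t)insn[4] << 24;
    return insn_addr + PATCH_LEN + rel;
}

/* Classify the first PATCH_LEN bytes of a function loaded at fn_addr.
 * [text_lo, text_hi) is the address range of the function's own image. */
static enum entry_state classify_entry(uint32_t fn_addr, const uint8_t *entry,
    uint32_t text_lo, uint32_t text_hi, uint32_t *target)
{
    if (entry[0] != JMP_REL32)
        return ENTRY_NO_JMP;
    *target = jmp_target(fn_addr, entry);
    return (*target >= text_lo && *target < text_hi) ?
        ENTRY_JMP_INSIDE : ENTRY_JMP_OUTSIDE;
}

/* Strongest check: compare live bytes with a known-good copy of the image. */
static int entry_differs(const uint8_t *live, const uint8_t *reference)
{
    return memcmp(live, reference, PATCH_LEN) != 0;
}

/* Constructed sample data: addresses and bytes are made up for illustration. */
static const uint8_t sample_ref[PATCH_LEN]  = { 0x55, 0x89, 0xe5, 0x83, 0xec };
static const uint8_t sample_live[PATCH_LEN] = { 0xe9, 0xfb, 0x3f, 0x0e, 0x01 };

int main(void)
{
    uint32_t target = 0;
    enum entry_state st = classify_entry(0xc0150000u, sample_live,
        0xc0100000u, 0xc0400000u, &target);
    printf("state=%d target=0x%08x differs=%d\n", (int)st, (unsigned)target,
        entry_differs(sample_live, sample_ref));
    return 0;
}
```

A jmp that stays inside the image can be legitimate compiler output, so the comparison against a reference copy is the check to rely on; the range test only helps triage.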