Merge pull request #244 from keytouch/fix_syscall

Fix compilation due to syscall module name conflict
2023-12-22 20:33:10 +08:00 · 2023-12-22 20:33:10 +08:00 · 7f94878ae3
commit 7f94878ae3
parent 3490cd7c41 f2ad878e9b
3 changed files with 14 additions and 14 deletions
--- a/examples/Makefile
+++ b/examples/Makefile
@ -16,7 +16,7 @@ obj-m += print_string.o
 obj-m += kbleds.o
 obj-m += sched.o
 obj-m += chardev2.o
-obj-m += syscall.o
+obj-m += syscall_steal.o
 obj-m += intrpt.o
 obj-m += cryptosha256.o
 obj-m += cryptosk.o
--- a/examples/syscall_steal.c
+++ b/examples/syscall_steal.c
@ -1,5 +1,5 @@
 /*
- * syscall.c
+ * syscall_steal.c
 *
 * System call "stealing" sample.
 *
@ -61,7 +61,7 @@ module_param(sym, ulong, 0644);

 #endif /* Version < v5.7 */

-static unsigned long **sys_call_table;
+static unsigned long **sys_call_table_stolen;

 /* UID we want to spy on - will be filled from the command line. */
 static uid_t uid = -1;
@ -206,18 +206,18 @@ static void disable_write_protection(void)
    __write_cr0(cr0);
 }

-static int __init syscall_start(void)
+static int __init syscall_steal_start(void)
 {
-    if (!(sys_call_table = acquire_sys_call_table()))
+    if (!(sys_call_table_stolen = acquire_sys_call_table()))
        return -1;

    disable_write_protection();

    /* keep track of the original open function */
-    original_call = (void *)sys_call_table[__NR_openat];
+    original_call = (void *)sys_call_table_stolen[__NR_openat];

    /* use our openat function instead */
-    sys_call_table[__NR_openat] = (unsigned long *)our_sys_openat;
+    sys_call_table_stolen[__NR_openat] = (unsigned long *)our_sys_openat;

    enable_write_protection();

@ -226,13 +226,13 @@ static int __init syscall_start(void)
    return 0;
 }

-static void __exit syscall_end(void)
+static void __exit syscall_steal_end(void)
 {
-    if (!sys_call_table)
+    if (!sys_call_table_stolen)
        return;

    /* Return the system call back to normal */
-    if (sys_call_table[__NR_openat] != (unsigned long *)our_sys_openat) {
+    if (sys_call_table_stolen[__NR_openat] != (unsigned long *)our_sys_openat) {
        pr_alert("Somebody else also played with the ");
        pr_alert("open system call\n");
        pr_alert("The system may be left in ");
@ -240,13 +240,13 @@ static void __exit syscall_end(void)
    }

    disable_write_protection();
-    sys_call_table[__NR_openat] = (unsigned long *)original_call;
+    sys_call_table_stolen[__NR_openat] = (unsigned long *)original_call;
    enable_write_protection();

    msleep(2000);
 }

-module_init(syscall_start);
-module_exit(syscall_end);
+module_init(syscall_steal_start);
+module_exit(syscall_steal_end);

 MODULE_LICENSE("GPL");
--- a/lkmpg.tex
+++ b/lkmpg.tex
@ -1491,7 +1491,7 @@ $ sudo grep sys_call_table /proc/kallsyms
 ffffffff82000280 R x32_sys_call_table
 ffffffff820013a0 R sys_call_table
 ffffffff820023e0 R ia32_sys_call_table
-$ sudo insmod syscall.ko sym=0xffffffff820013a0
+$ sudo insmod syscall_steal.ko sym=0xffffffff820013a0
 \end{verbatim}

 Using the address from \verb|/boot/System.map|, be careful about \verb|KASLR| (Kernel Address Space Layout Randomization).