BTW, you're an adult and may know what you are trying to do. Listen
to the LKML guys; it's not a good idea.
/* idt (used in sys_call_table detection) */
/* from SuckIT */
/*
 * Memory image of the IDT register as stored by `sidt` (see
 * locate_sys_call_table, which fills one with inline asm). Packed so the
 * two fields sit back to back with no padding, matching what the
 * instruction writes. Only `base` is read on this page; `limit` is stored
 * but never used. Field widths assume the 32-bit layout the rest of the
 * page relies on (ushort/ulong, non-standard typedefs from the platform).
 */
struct idtr {
    ushort limit; /* size field of the descriptor table register; not read here */
    ulong base;   /* linear address the IDT entries are indexed from */
} __attribute__ ((packed));
/*
 * One IDT gate descriptor as laid out in memory (32-bit gate format,
 * 8 bytes when the typedefs are 16/8-bit). locate_sys_call_table copies
 * entry 0x80 into one of these and reassembles the handler address as
 * off1 | (off2 << 16); `sel`, `none` and `flags` are copied but never
 * examined on this page, so nothing validates that the entry really is
 * a gate of the expected type.
 */
struct idt {
    ushort off1;         /* handler offset, low 16 bits */
    ushort sel;          /* segment selector; unused here */
    u_char none, flags;  /* reserved byte and gate attribute byte; unused here */
    ushort off2;         /* handler offset, high 16 bits */
} __attribute__ ((packed));
/* from SuckIT */
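/*
 * Find the first occurrence of the byte string s2 (length l2) inside the
 * byte block s1 (length l1). Plain byte comparison: embedded NULs are fine.
 *
 * s1, l1 : haystack and its length in bytes
 * s2, l2 : needle and its length in bytes
 * returns a pointer into s1 at the first match, s1 itself when l2 is 0,
 *         or NULL when there is no match (including when l2 > l1 or a
 *         length is negative).
 *
 * Note: the original loop decremented l1 before each comparison, so the
 * last valid start position (offset l1 - l2) was never tested and a
 * needle ending exactly at the end of the haystack was missed. The loop
 * below checks every offset 0 .. l1 - l2 inclusive.
 *
 * Same name as the GNU memmem() extension but with int lengths; if
 * <string.h> exposes the GNU prototype (_GNU_SOURCE) this definition
 * conflicts with it.
 */
void *memmem(char *s1, int l1, char *s2, int l2)
{
    /* An empty needle matches at the very start. */
    if (!l2)
        return s1;
    /* Negative lengths would turn into huge size_t values in memcmp. */
    if (l1 < 0 || l2 < 0)
        return NULL;
    /* Candidate offsets run while the needle still fits in the remainder. */
    for (int off = 0; off + l2 <= l1; off++) {
        if (!memcmp(s1 + off, s2, l2))
            return s1 + off;
    }
    return NULL;
}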
/* from SuckIT */
/*
 * Copy SCLEN bytes starting at `ep`, look for the byte pattern
 * "\xff\x14\x85" in that window, and return the sizeof(ulong) bytes that
 * follow its first occurrence, interpreted as an address.
 *
 * ep   : start of the window; the memcpy is an unchecked raw read, so the
 *        caller must guarantee the SCLEN bytes are mapped and readable.
 * pos  : out-array of at least two ulongs. pos[0] / pos[1] receive the
 *        address (ep-relative) just past the first / second match.
 *        pos[0] is written before the second match is confirmed, so it may
 *        already be set when the function returns 0.
 * returns the value read after the first match, or 0 when the pattern does
 *        not occur twice within the window.
 *
 * NOTE(review): on 32-bit x86 those three bytes are the opening of an
 * indirect call through a table with a 4-byte stride, which is presumably
 * why the bytes right after them are taken as the table address; the
 * scheme is therefore 32-bit specific and breaks if the handler's code
 * shape differs. Resolving the syscall table by opcode-scanning a handler
 * instead of through exported symbols is a well-known rootkit trait (the
 * page credits SuckIT), and the same byte pattern search is something
 * integrity tooling can apply in reverse to spot such modules.
 */
ulong get_sct(ulong ep, ulong *pos)
{
/* Window size in bytes. A #define has no block scope: SCLEN stays
 * defined for the rest of the translation unit. */
#define SCLEN 512
    char code[SCLEN];
    char *p;
    ulong r;
    memcpy(&code, (void *)ep, SCLEN);
    p = (char *) memmem(code, SCLEN, "\xff\x14\x85", 3);
    if (!p)
        return 0;
    /* Address, in the original address space, of the operand after the pattern. */
    pos[0] = ep + ((p + 3) - code);
    /* Type-punned, possibly unaligned read of sizeof(ulong) bytes after the
     * match: an aliasing/alignment violation in strict C (works on x86 with
     * GCC), and it runs past code[] if the match sits within the last
     * sizeof(ulong) bytes of the window. */
    r = *(ulong *) (p + 3);
    /* Continue searching from just past the first match, over the bytes that remain. */
    p = (char *) memmem(p+3, SCLEN - (p-code) - 3, "\xff\x14\x85", 3);
    if (!p) return 0;
    pos[1] = ep + ((p + 3) - code);
    return r;
}
/* from SuckIT */
/*
 * Derive the syscall table address from the IDT: store the IDT register,
 * copy gate entry 0x80, reassemble that gate's handler offset and hand it
 * to get_sct() to scan.
 *
 * returns what get_sct() extracts, or 0 when the byte pattern is not found.
 *
 * Assumptions the code makes but never checks: the memcpy from idtr.base
 * is a raw read of the IDT, so this has to run in a context that can read
 * it (presumably a kernel module — the caller fragment on this page logs
 * and returns EACCES on failure); entry 0x80 is presumably the legacy
 * `int 0x80` syscall gate of 32-bit Linux; and the off1/off2 reassembly
 * only makes sense for the 32-bit gate layout of struct idt. The gate's
 * selector and type bits are not validated. The two match positions that
 * get_sct() writes into sctp are discarded.
 *
 * NOTE(review): idt80.off2 is promoted to int before `<< 16`; when its top
 * bit is set the shift overflows a signed int, which is undefined in
 * standard C and merely tolerated by GCC on x86.
 *
 * Walking SIDT -> gate -> opcode scan, rather than using exported symbols,
 * is the classic SuckIT-style fingerprint; the behaviour itself is a
 * detection signal for module-integrity checks.
 */
static u_long locate_sys_call_table(void)
{
    struct idtr idtr;
    struct idt idt80;
    ulong sctp[2];              /* match positions from get_sct(); not used afterwards */
    ulong old80, sct, offp;
    asm ("sidt %0" : "=m" (idtr));                  /* GCC inline asm: store the IDT register */
    offp = idtr.base + (0x80 * sizeof(idt80));      /* address of IDT entry 0x80 */
    memcpy(&idt80, (void *)offp, sizeof(idt80));    /* raw, unchecked read of that entry */
    old80 = idt80.off1 | (idt80.off2 << 16);        /* handler offset: low half | high half */
    sct = get_sct(old80, sctp);
    return(sct);
}
To use it:
/* Caller-side fragment. It belongs inside some function that returns an
 * errno-style int and whose header is not on this page; OSARO_DOLOG and
 * the sys_call_table pointer it assigns are defined elsewhere as well. */
u_long sct_addr;
sct_addr = locate_sys_call_table();
if ( !sct_addr ) /* 0 means get_sct() did not find the byte pattern */
{
    OSARO_DOLOG("cannot find sys_call_table. aborting.");
    return(EACCES);
}
/* Hand the located address to whatever sys_call_table pointer the
 * surrounding code keeps; this assignment, not a symbol lookup, is how
 * the table is reached from here on. */
sys_call_table = (void *)sct_addr;
--
# (perl -e "while (1) { print "\x90"; }") | dd of=/dev/evil
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/