Daniel,
Thank you very much. I will check this out.
A thanks to everyone else who contributed. I would still love to know
why this is a bad idea.
Igor.
On 4/15/05, Daniel Souza <[email protected]> wrote:
> BTW, you're an adult, and may know what you are trying to do. listen
> to the LKML guys, it's not a good idea.
>
> /* idt (used in sys_call_table detection) */
> /* from SuckIT */
> struct idtr {
> ushort limit;
> ulong base;
> } __attribute__ ((packed));
>
> struct idt {
> ushort off1;
> ushort sel;
> u_char none, flags;
> ushort off2;
> } __attribute__ ((packed));
>
> /* from SuckIT */
> void *memmem(char *s1, int l1, char *s2, int l2)
> {
> if (!l2)
> return s1;
> while (l1 >= l2)
> {
> l1--;
> if (!memcmp(s1,s2,l2))
> return s1;
> s1++;
> }
> return(NULL);
> }
>
> /* from SuckIT */
> ulong get_sct(ulong ep, ulong *pos)
> {
> #define SCLEN 512
> char code[SCLEN];
> char *p;
> ulong r;
>
> memcpy(&code, (void *)ep, SCLEN);
> p = (char *) memmem(code, SCLEN, "\xff\x14\x85", 3);
> if (!p)
> return 0;
> pos[0] = ep + ((p + 3) - code);
> r = *(ulong *) (p + 3);
> p = (char *) memmem(p+3, SCLEN - (p-code) - 3, "\xff\x14\x85", 3);
> if (!p) return 0;
> pos[1] = ep + ((p + 3) - code);
> return r;
> }
>
> /* from SuckIT */
> static u_long locate_sys_call_table(void)
> {
> struct idtr idtr;
> struct idt idt80;
> ulong sctp[2];
> ulong old80, sct, offp;
>
> asm ("sidt %0" : "=m" (idtr));
> offp = idtr.base + (0x80 * sizeof(idt80));
> memcpy(&idt80, (void *)offp, sizeof(idt80));
> old80 = idt80.off1 | (idt80.off2 << 16);
> sct = get_sct(old80, sctp);
> return(sct);
> }
>
> to use...
>
> u_long sct_addr;
>
> sct_addr = locate_sys_call_table();
> if ( !sct_addr )
> {
> OSARO_DOLOG("cannot find sys_call_table. aborting.");
> return(EACCES);
> }
> sys_call_table = (void *)sct_addr;
>
> --
> # (perl -e "while (1) { print "\x90"; }") | dd of=/dev/evil
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]