‘Dynamic’ kernel patching

‘Dynamic’ kernel patching introduces: system calls, the ‘open source’ philosophy, an alternative to edit/recompile, invoking kernel services, the system-call jump-table, assembly language, changing the jump-table, and avoiding hard-coded constants.

‘Dynamic’ kernel patching
How you could add your own system-calls to Linux without editing and recompiling the kernel

System calls
• System calls are the basic OS mechanism for providing privileged kernel services to application programs (e.g., fork(), clone(), execve(), read(), write(), signal(), getpid(), waitpid(), gettimeofday(), setitimer(), etc.)
• Linux implements over 300 system calls
• To understand how system calls work, we can try creating one of our own design

‘Open Source’ philosophy
• Linux source-code is publicly available
• In principle, anyone could edit the sources to add their own new functions into Linux
• In practice, it is inconvenient to do this
• The steps needed involve reconfiguring, recompiling, and reinstalling your kernel
• For novices these steps are treacherous!
• Any error risks data-loss and down-time

Alternative to edit/recompile
• Linux modules offer an alternative method for modifying the OS kernel’s functionality
• It’s safer -- and vastly more convenient -- since error-recovery only needs a reboot, and minimal system knowledge suffices
• The main hurdle to be overcome concerns the issue of ‘linking’ module code to some non-exported Linux kernel data-structures

Invoking kernel services
[Diagram: user-mode (restricted privileges) on the left, kernel-mode (unrestricted privileges) on the right. An application program calls (call/ret) the standard runtime libraries, which enter Linux with int 0x80; Linux in turn calls (call/ret) the installable module.]
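The call path in the diagram above, seen from user mode, as an added example that is not part of the original slides: the same kernel service is reached through the standard runtime-library wrapper and through the raw system-call number, and a number with no handler installed shows what the kernel's jump-table returns for an unused slot (the kind of slot a module-added system call would have to fill). It assumes a Linux host; the out-of-range number used for the probe is a constructed value.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Path 1: the application calls the standard runtime library (getpid()),
 * which performs the kernel entry on its behalf and returns to user mode. */
long pid_via_library(void) {
    return (long)getpid();
}

/* Path 2: ask for the same kernel service by its system-call number.
 * syscall(2) is what the library wrapper does internally (int 0x80 on
 * i386, the syscall instruction on x86-64); the kernel indexes its
 * jump-table with the number and dispatches to sys_getpid. */
long pid_via_raw_syscall(void) {
    return syscall(SYS_getpid);
}

/* Probe a system-call number that has no handler installed. The kernel's
 * default jump-table entry fails with -ENOSYS; the library reports that as
 * a -1 return with errno == ENOSYS. A module that adds a new system call
 * has to install its handler in such a slot before the number is usable.
 * Returns the errno value, or 0 if the kernel accepted the call. */
int probe_unused_syscall(long nr) {
    errno = 0;
    long r = syscall(nr);
    return (r == -1) ? errno : 0;
}

int main(void) {
    printf("getpid() via library : %ld\n", pid_via_library());
    printf("getpid() via syscall : %ld\n", pid_via_raw_syscall());
    /* 1000000 is a constructed, deliberately out-of-range number. */
    int e = probe_unused_syscall(1000000L);
    printf("unused slot -> errno %d (%s)\n", e, e == ENOSYS ? "ENOSYS" : "other");
    return 0;
}
```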