ÔÚlinuxÖÐËùÓеÄsyscall¶¼Êǵ÷ÓÃint 0x80, int 0x80µÄÖжϷþÎñ³ÌÐòΪsystem_call(arch/x86/kernel/traps_32.c:set_system_gate(SYSCALL_VECTOR,&system_call). system_call (arch/x86/entry_32.S)×îÖÕcall *sys_call_table(,%eax,4)À´Íê³ÉÒ»¸ösyscallµ÷ÓÃ.
¼´ int 0x80 -> system_call -> sys_call_table, ÕâÑùÎÒÃÇÖ»ÒªÊ×ÏÈ»ñÈ¡int 0x80µÄÖжϷþÎñµØÖ·system_callµØÖ·, È»ºóÔÚsystem_call´úÂëÖÐÖ±½ÓËÑË÷callÖ¸Áî¼´¿ÉÕÒµ½sys_call_tableµØÖ·ÁË!
ÁíÒ»ÖÖ·½·¨¾ÍÊÇÖ±½ÓÐÞ¸Ä
ͨ¹ýcat /boot/System.map-`uname -r` |grep sys_call_table ²é¿´µ±Ç°sys_call_tableµØÖ·,²¢Óëͨ¹ýÒÔÉÏ·½·¨È¡µÃµÄµØÖ·×ö±È½Ï!
Äں˰汾: ubuntu 2.6.24-19-server
/*
* Standard in kernel modules
*/
#include <linux/kernel.h> /* We're doing kernel work */
#include <linux/module.h> /* Specifically, a module, */
#include <linux/moduleparam.h> /* which will have params */
#include <linux/unistd.h> /* The list of system calls */
/*
* For the current (process) structure, we need
* this to know who the current user is.
*/
#include <linux/sched.h>
#include <asm/uaccess.h>
unsigned long *sys_call_table = 0;
//EXPORT_SYMBOL ( sys_call_table );
struct {
unsigned short limit;
unsigned int base;
} __attribute__ ( ( packed ) ) idtr;
struct {
unsigned short offset_low;
unsigned short segment_select;
unsigned char reserved, flags;
unsigned short offset_high;
} __attribute__ ( ( packed ) ) * idt;
unsigned long* find_sys_call_table(void)
{
unsigned long system_call = 0; // x80Öжϴ¦Àí³ÌÐòsystem_call µØÖ·
char *call_hex = "\xff\x14\x85"; // call Ö¸Áî
char *code_ptr = NULL;
