System call hacking in Linux for ARM


I am trying to write a kernel module to replace system calls in Linux 4.9. The solutions on the internet are specific to x86, and I am working on a BeagleBone Black, which has an ARM Cortex-A8. This is what I have done so far.

static unsigned long *sys_call_table; // global 

The module, when insmoded, appears as a device in /dev which the user can open and give an ioctl command. In the ioctl I use

sys_call_table=(void*)kallsyms_lookup_name("sys_call_table"); 

which obtains the same address as given in the System.map file. The moment I try to change the system call using

*(sys_call_table + __NR_open) = (unsigned long)custom_open;

it gives errors. They are

[  155.354417] unable handle kernel paging request @ virtual address c01079f8
[  155.361959] pgd = de6c0000
[  155.364780] [c01079f8] *pgd=8000041e(bad)
[  155.368981] internal error: oops: 80d [#1] smp arm
[  155.373980] modules linked in: intercept(o) [last unloaded: intercept]
[  155.380821] cpu: 0 pid: 120 comm: test tainted: g           o    4.9.39 #1
[  155.387991] hardware name: generic am33xx (flattened device tree)
[  155.394342] task: de6b2380 task.stack: de664000
[  155.399089] pc @ my_ioctl+0x64/0x94 [intercept]
[  155.404180] lr @ my_ioctl+0x58/0x94 [intercept]
[  155.409269] pc : [<bf0040dc>]    lr : [<bf0040d0>]    psr: 60000013
[  155.409269] sp : de665f08  ip : 00000001  fp : bedb0c54
[  155.421258] r10: 00000000  r9 : 00000003  r8 : 00000003
[  155.426711] r7 : c02b354c  r6 : de6293c0  r5 : de6dc2f0  r4 : bf004580
[  155.433522] r3 : c01079e4  r2 : bf004000  r1 : ffffe000  r0 : bf004294
[  155.440334] flags: nzcv  irqs on  fiqs on  mode svc_32  isa arm  segment none
[  155.447773] control: 10c5387d  table: 9e6c0019  dac: 00000051
[  155.453772] process test (pid: 120, stack limit = 0xde664218)
[  155.459771] stack: (0xde665f08 0xde666000)
[  155.464321] 5f00:                   bedb0dac c02b2aec 00000000 de6b2670 de665f7c c07ddc98
[  155.472862] 5f20: 60000013 c0c0512c c0cbfe80 c0192d10 c0c8311c de611000 c029ddd8 c0cbf624
[  155.481401] 5f40: 2ae98e92 00000024 2b36fb89 00000024 c07de574 df947010 de6293c8 de664000
[  155.489938] 5f60: 00000000 00000000 de6293c0 de6293c0 00000005 bedb0dac 00000003 00000000
[  155.498469] 5f80: bedb0c54 c02b354c 00000000 00000000 0001036c 00000036 c01079e4 de664000
[  155.507005] 5fa0: 00000000 c0107840 00000000 00000000 00000003 00000005 bedb0dac 00010494
[  155.515541] 5fc0: 00000000 00000000 0001036c 00000036 00000000 00000000 b6f12000 bedb0c54
[  155.524075] 5fe0: b6e74d90 bedb0c44 000104bc b6e74d9c 60000010 00000003 00000000 00000000
[  155.532633] [<bf0040dc>] (my_ioctl [intercept]) [<c02b2aec>] (do_vfs_ioctl+0x90/0xa84)
[  155.541357] [<c02b2aec>] (do_vfs_ioctl) [<c02b354c>] (sys_ioctl+0x6c/0x7c)
[  155.548992] [<c02b354c>] (sys_ioctl) [<c0107840>] (ret_fast_syscall+0x0/0x1c)
[  155.556898] code: eb48ce6e e5943004 e59f2028 e59f0028 (e5832014)
[  155.563276] ---[ end trace 0529de7e48dd6bb4 ]---
[  155.571707] mydevice closed
segmentation fault

Please give me a solution specific to ARM.
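
Reading the oops above, as an added example that is not part of the original post: a small Python triage script that decodes the fault status value printed after `oops:`, the faulting instruction word in parentheses on the `code:` line, and the register dump, and checks that they describe the same memory access. It assumes the ARMv7 short-descriptor (non-LPAE) fault status layout; the function names are illustrative.

```python
import re

# Excerpt of the oops quoted above, in the form the page shows it.
OOPS = """\
[  155.354417] unable handle kernel paging request @ virtual address c01079f8
[  155.368981] internal error: oops: 80d [#1] smp arm
[  155.433522] r3 : c01079e4  r2 : bf004000  r1 : ffffe000  r0 : bf004294
[  155.556898] code: eb48ce6e e5943004 e59f2028 e59f0028 (e5832014)
"""

# Assumption: ARMv7 short-descriptor (non-LPAE) fault status encoding.
FS_NAMES = {0x05: "section translation fault", 0x07: "page translation fault",
            0x0D: "section permission fault", 0x0F: "page permission fault"}


def decode_fsr(fsr):
    """Return (is_write, fault status name) for the value printed after 'oops:'."""
    fs = (fsr & 0xF) | ((fsr >> 6) & 0x10)  # FS[3:0], plus FS[4] taken from bit 10
    return bool(fsr & (1 << 11)), FS_NAMES.get(fs, "other (0x%02x)" % fs)


def decode_word_store(insn):
    """Decode ARM 'str Rd, [Rn, #+/-imm12]' (no writeback); None for anything else."""
    if insn & 0x0F700000 != 0x05000000:  # bits 27:26=01, I=0, P=1, B=0, W=0, L=0
        return None
    offset = insn & 0xFFF
    if not insn & (1 << 23):  # U bit clear: offset is subtracted
        offset = -offset
    return {"rd": (insn >> 12) & 0xF, "rn": (insn >> 16) & 0xF, "offset": offset}


def triage(text):
    """Relate fault address, fault status, registers and the faulting instruction."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    fsr = int(re.search(r"oops: ([0-9a-f]+)", text).group(1), 16)
    regs = {int(n): int(v, 16)
            for n, v in re.findall(r"\br(\d+)\s*: ([0-9a-f]{8})", text)}
    # The kernel marks the faulting instruction word with parentheses.
    store = decode_word_store(int(re.search(r"\(([0-9a-f]{8})\)", text).group(1), 16))
    is_write, status = decode_fsr(fsr)
    base = regs[store["rn"]]
    return {"write": is_write, "status": status,
            "store_hits_fault_address": base + store["offset"] == fault,
            "word_index_from_base": (fault - base) // 4,
            "value_stored": regs[store["rd"]]}


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, hex(value) if key == "value_stored" else value)
```

The faulting instruction decodes to `str r2, [r3, #20]`, a word store at index 5 from the base held in r3, and 5 is the value of `__NR_open` on ARM EABI, so the instruction that faulted is the table assignment itself. The fault status reports a write that was rejected with a permission fault on a section mapping.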

