我正在尝试按照下面的链接说明为我的OS课程进行自定义系统调用: https://uwnthesis.wordpress.com/2016/12/26/basics-of-making-a-rootkit-from-syscall-to-hook/
我的内核版本是5.3.9。 到目前为止,这是我的代码: 我的.c文件(位于/usr/srclinux-5.3.9):
#include <linux/syscalls.h>
#include <linux/kernel.h>
#include <linux/sched.h>
#include <linux/init.h>
#include <linux/tty.h>
#include <linux/string.h>
#include "pname.h"
asmlinkage long sys_process_name(char* process_name){
/*placeholder to print full string to tty*/
char name[32];
strcpy(name,process_name);
/*tasklist struct to use*/
struct task_struct *task;
/*tty struct*/
struct tty_struct *my_tty;
/*get current tty*/
my_tty = get_current_tty();
/*<sched.h> library method that iterates through list of processes from task_struct defined above*/
for_each_process(task){
printk("Task name: %s.\n",task->comm);
printk("Task ID: %ld.\n",task->pid);
printk("Task for compare: %s.\n",name);
printk("\n");
/*compares the current process name (defined in task->comm) to the passed in name*/
if(strcmp(task->comm,name) == 0){
printk("Process Found!\n");
/*convert to string and put into name[]*/
sprintf(name,"PID = %ld\n",(long)task_pid_nr(task));
/*show result to user that called the syscall*/
(my_tty->driver->ops->write) (my_tty,name,strlen(name)+1);
}
}
return 0;
}
我的.h文件:
asmlinkage long sys_process_name(char*process_name);
我的Makefile:
obj-y := pname.o
我已将此系统调用包括到我的syscalls_64.tbl和syscalls.h中。
在成功编译了上面的代码之后,我尝试了以下代码来测试syscall testPname.c:
#include <stdio.h>
#include <linux/kernel.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <string.h>
int main(){
char name[32];
puts("Enter process to find");
scanf("%s",name);
strtok(name,"\n");
long int status = syscall(335,name); //syscall number 335 and passing in the string.}
printf("System call returned %ld\n",status);
return 0;
}
但是,当我将一堆printk放入pname.c文件中,并注意到“ char * process_name”从未从我的testPname传递到syscall时,因此从未达到strcmp。我尝试浏览一种将参数传递给系统调用的方法,但未能到达那里。