"sysextend" is a small kernel module / rootkit that lets you add system calls to a running Linux kernel.
This module is provided with ABSOLUTELY NO GUARANTEE. In fact, we suggest you DON'T USE IT. By installing this module you are ACTIVELY COMPROMISING the security of your machine: every syscall added through it runs with full kernel privileges. Use with EXTREME CAUTION.
This module is intended for OS and systems research where recompiling the Linux kernel to add a syscall is not an option.
To write your own syscall:
- Add an entry to the SYSEXTEND enum at the top of include/sysextend.h, e.g. __NR_dummy.
- Write your syscall in kernel/sysextend_main.c, e.g. sys_dummy. The function must have the prototype unsigned long foo(void *): it takes a single pointer to the caller's argument block and returns an unsigned long.
- Also in kernel/sysextend_main.c, inside sysextend_init(), add your function to the extended syscall table with set_sysextend(), e.g. set_sysextend(__NR_dummy, &sys_dummy);
To build the kernel module:
- cd kernel
- make
To install (load) the kernel module:
- cd kernel
- sudo insmod kobj/sysextend.ko
To uninstall (unload) the kernel module:
- sudo rmmod sysextend
To call your syscall from user space:
- Install the kernel module
- Include the header include/sysextend.h in your user code
- Use the sysextend function to invoke the syscall, e.g. sysextend(__NR_dummy, &args); where args is the argument block your syscall expects
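A complete kernel-side implementation of the steps above, written as an added example (this is not code from the sysextend project). It assumes a hypothetical argument struct, dummy_args, that the void * handed to the syscall is the caller's user-space pointer relayed unchanged, and a 64-byte cap that is this example's own choice. The __KERNEL__ guard lets the same file build on a host with a shim for copy_from_user(), so the validation logic can be exercised without loading the module:

```c
/*
 * sys_dummy: kernel side of an extended syscall for sysextend.
 * Added example, not part of the sysextend project. The struct layout,
 * DUMMY_MAX_LEN and the host shim are this example's own choices.
 *
 * With __KERNEL__ defined (pasted into kernel/sysextend_main.c and built by
 * its Makefile) the real copy_from_user() is used. Without it, the file
 * builds on the host with a small shim so the checks can be tested.
 */
#ifdef __KERNEL__
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/uaccess.h>
#define dummy_log(s) pr_info("sys_dummy: %s\n", (s))
#else
#include <stdio.h>
#include <string.h>
#include <errno.h>
#define __user
#define dummy_log(s) printf("sys_dummy: %s\n", (s))
/*
 * Host shim for copy_from_user(): like the kernel version it returns the
 * number of bytes that could NOT be copied (0 on success). A NULL source
 * stands in for an unmapped user address.
 */
static unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
{
    if (from == NULL)
        return n;
    memcpy(to, from, n);
    return 0;
}
#endif

/* Argument block the caller fills in and passes as sysextend(__NR_dummy, &args).
 * Assumed layout: user space and the module must agree on it. */
struct dummy_args {
    const char __user *msg;   /* buffer in the caller's address space */
    unsigned long len;        /* bytes to read from msg */
};

#define DUMMY_MAX_LEN 64UL    /* enforced by the kernel side, not by the caller */

/*
 * Prototype required by sysextend: unsigned long f(void *).
 * Returns the number of bytes accepted, or -errno cast to unsigned long,
 * the usual Linux syscall convention.
 *
 * Assumption: uargs is the caller's pointer relayed unchanged, so it is user
 * memory that may be unmapped or point anywhere; it is never dereferenced
 * directly. If the module already copies the argument block into kernel
 * memory before dispatch, the first copy_from_user() becomes a plain read.
 */
unsigned long sys_dummy(void *uargs)
{
    struct dummy_args args;
    char buf[DUMMY_MAX_LEN + 1];

    if (copy_from_user(&args, (const void __user *)uargs, sizeof(args)))
        return (unsigned long)-EFAULT;

    /* Bound by our buffer before copying: the caller's len is untrusted. */
    if (args.len > DUMMY_MAX_LEN)
        return (unsigned long)-EINVAL;

    if (copy_from_user(buf, args.msg, args.len))
        return (unsigned long)-EFAULT;
    buf[args.len] = '\0';     /* the caller's bytes need not be NUL-terminated */

    dummy_log(buf);
    return args.len;
}

/*
 * Registration goes inside sysextend_init() in kernel/sysextend_main.c, once
 * __NR_dummy has been added to the SYSEXTEND enum in include/sysextend.h:
 *
 *     set_sysextend(__NR_dummy, &sys_dummy);
 */

#ifndef __KERNEL__
/* Host-side helper mirroring the user-space caller: build the argument block
 * the way a program would before calling sysextend(__NR_dummy, &args). */
unsigned long call_dummy(const char *msg, unsigned long len)
{
    struct dummy_args args = { .msg = msg, .len = len };
    return sys_dummy(&args);
}
#endif
```

The two copy_from_user() calls are the point. sysextend lets user space hand this function an arbitrary pointer, and dereferencing it directly would turn a bad pointer into a kernel oops, or let a caller read kernel memory back through whatever the syscall returns. The cap on len is what keeps the copy inside buf regardless of what the caller claims.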
The module leverages the effectively deprecated sysctl(2) system call to pass arguments through to the kernel. It therefore needs a kernel that still provides that system call: one built with CONFIG_SYSCTL_SYSCALL and older than Linux 5.5, which removed sysctl(2) entirely. Whatever arrives in the void * argument came from user space, so each extended syscall must copy it in with copy_from_user() and bounds-check it rather than dereference it directly.
For info on kernel programming, see: http://www.tldp.org/LDP/lkmpg/2.6/html/lkmpg.html