lkm-syscall

Linux Loadable Kernel Module system call hijacking

> ./run.sh foobar
┌──────────────────────────────┐
│  Load Kernel Module syscall  │
└──────────────────────────────┘
# insmod syscall.ko

┌──────────────────────────────┐
│           lsmod              │
└──────────────────────────────┘
$ lsmod | grep 'syscall'
syscall                12658  0 

┌──────────────────────────────┐
│           Test               │
└──────────────────────────────┘
$ ./test 
Call syscall at offset 184
Syscall return 0

┌──────────────────────────────┐
│ Unload Kernel Module syscall │
└──────────────────────────────┘
# rmmod syscall

┌──────────────────────────────┐
│           dmesg              │
└──────────────────────────────┘
$ dmesg
[37894.803863] Custom syscall loaded
[37894.803870] Syscall table address : ffffffff81801420
[37894.803899] Syscall at offset 184 : ffffffff810885f0
[37894.803922] Custom syscall address ffffffffa0111000
[37894.803924] Syscall hijacked
[37894.803925] Syscall at offset 184 : ffffffffa0111000
[37894.824530] LKM Syscall : Foo
[37894.837080] Syscall at offset 184 : ffffffff810885f0
[37894.837083] Custom syscall unloaded

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
lkm		lkm
test		test
.gitignore		.gitignore
Makefile		Makefile
README.md		README.md
run.sh		run.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

lkm-syscall

About

Releases

Packages

Languages

xsyann/lkm-syscall

Folders and files

Latest commit

History

Repository files navigation

lkm-syscall

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages