Finding the sys call table in memory 64-bit on 4.x.x Kernel

前端 未结 1 1046
余生分开走
余生分开走 2021-02-11 00:23

I\'m trying to write a simple kernel module to find the sys_call_table in Linux and am having some trouble. I found a basic guide for 32-bit Linux here: https://memset.wordpress

1条回答
  •  遇见更好的自我
    2021-02-11 01:08

    Your kernel may have enabled x32 compat.

    1. There are two sys_call_tables in this kind of kernel. compat_sys_call_table(ia23_sys_call_table) for 32-bit and sys_call_table for 64-bit. And they use the same sys_close.

    2. You may find sys_close in compat_sys_call_table, but __NR_close is different between 32-bit unistd.h and 64-bit unistd.h. You may be using 64-bit __NR_close, so you cannot get compat_sys_call_table nor sys_call_table correctly.

    You can check my code, ASyScallHookFrame, it works fine on Android kernel 3.10.

    0 讨论(0)
提交回复
热议问题