#1 2013-03-09 17:15:00

EbubekirK
Member
Registered: 2012-12-15
Posts: 12

How to change system calls with modules ?

ehehe, do you really want to read this discussion? Are you researching about me or... Immh, what?

Last edited by EbubekirK (2016-04-23 11:21:21)

Offline

#2 2013-03-15 19:56:29

vkumar
Member
Registered: 2008-10-06
Posts: 166

Re: How to change system calls with modules ?

You can't dynamically add system calls to the kernel, but you can intercept them.

This article shows you how: http://www.linuxjournal.com/article/4378


div curl F = 0

Offline

#3 2013-03-17 15:08:58

EbubekirK
Member
Registered: 2012-12-15
Posts: 12

Re: How to change system calls with modules ?

vkumar wrote:

You can't dynamically add system calls to the kernel, but you can intercept them.

This article shows you how: http://www.linuxjournal.com/article/4378

I don't want to add new system calls to the kernel, I want to change existing system calls.

Last edited by EbubekirK (2013-03-17 15:16:06)

Offline

#4 2013-03-18 04:22:50

MagicSkyFairy
Member
Registered: 2013-03-14
Posts: 79

Re: How to change system calls with modules ?

Googled "linux system calls".

http://docs.cs.up.ac.za/programming/asm … calls.html

There is a table with all the system calls and their numbers in the source somewhere. If you are going to distribute this, don't change the system calls. It's a terrible idea, they don't even remove deprecated ones, but if you're just playing around then have fun and do whatever the hell you want.

Last edited by MagicSkyFairy (2013-03-18 04:23:53)


I have wasted at least a second of your time by making you read my signature.

Offline

#5 2013-03-19 12:56:44

EbubekirK
Member
Registered: 2012-12-15
Posts: 12

Re: How to change system calls with modules ?

MagicSkyFairy wrote:

Googled "linux system calls".

http://docs.cs.up.ac.za/programming/asm … calls.html

There is a table with all the system calls and their numbers in the source somewhere. If you are going to distribute this, don't change the system calls. It's a terrible idea, they don't even remove deprecated ones, but if you're just playing around then have fun and do whatever the hell you want.

Hello, I dunno how to use the system call table in 3.x; in 2.x I can, but the 2.x technique does not work in 3.x.

Last edited by EbubekirK (2016-04-23 11:19:52)

Offline

#6 2013-03-19 13:47:38

slint
Member
Registered: 2009-05-22
Posts: 31

Re: How to change system calls with modules ?

I guess your older technique relied on the linux kernel exporting the location of the syscalltable. It doesn't do that anymore since some 2.6.x version, so you have to manually find it.

Why are you even trying to overwrite the syscalltable?
If you're trying to sandbox a program, there's already such functionality built into the kernel (see namespaces http://lwn.net/Articles/531114/#series_index).
If you need to overwrite the behavior of a single program, using LD_PRELOAD often works, because programs usually make syscalls through the libc.
Or are you trying to write a kernel-mode rootkit?

Offline
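
Added example, not part of the thread or any poster's code: a minimal LD_PRELOAD interposer of the kind the post above refers to, which changes what `unlink()` does for one dynamically linked program without touching the kernel. The `GUARD_PREFIX` variable, the `guard_denies` helper and the file names are hypothetical, invented for this illustration.

```c
/* guard_unlink.c - LD_PRELOAD interposer for unlink() (added example).
 * Build: gcc -shared -fPIC guard_unlink.c -o guard_unlink.so -ldl
 * Use:   GUARD_PREFIX=/srv/keep/ LD_PRELOAD=./guard_unlink.so ./some_program
 * GUARD_PREFIX and the file names are hypothetical, chosen for this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* makes <dlfcn.h> define RTLD_NEXT */
#endif
#include <dlfcn.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef RTLD_NEXT                /* fallback to glibc's value if a libc header */
#define RTLD_NEXT ((void *)-1L)  /* was included before _GNU_SOURCE was set    */
#endif

/* Returns 1 when path starts with the protected prefix, else 0.
 * The comparison is purely textual: relative paths and symlinks are not
 * resolved. */
int guard_denies(const char *path)
{
    const char *prefix = getenv("GUARD_PREFIX");
    if (prefix == NULL || *prefix == '\0' || path == NULL)
        return 0;
    return strncmp(path, prefix, strlen(prefix)) == 0;
}

/* Same name and signature as libc's unlink(). A preloaded object is searched
 * before libc, so the program's calls to unlink() resolve to this function. */
int unlink(const char *path)
{
    static int (*real_unlink)(const char *);

    if (real_unlink == NULL)     /* next definition in search order: libc's */
        real_unlink = (int (*)(const char *))dlsym(RTLD_NEXT, "unlink");
    if (real_unlink == NULL) {
        errno = ENOSYS;
        return -1;
    }
    if (guard_denies(path)) {
        fprintf(stderr, "guard: refused unlink(\"%s\")\n", path);
        errno = EPERM;
        return -1;
    }
    return real_unlink(path);    /* all other paths go to the real call */
}
```

Callers that use `unlinkat()`, issue the system call directly, or are statically linked never reach this wrapper, and the dynamic loader restricts LD_PRELOAD for set-user-ID programs, so this alters a cooperating program's behaviour rather than enforcing a sandbox.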

#7 2013-03-19 17:36:13

MagicSkyFairy
Member
Registered: 2013-03-14
Posts: 79

Re: How to change system calls with modules ?

EbubekirK wrote:
MagicSkyFairy wrote:

Googled "linux system calls".

http://docs.cs.up.ac.za/programming/asm … calls.html

There is a table with all the system calls and their numbers in the source somewhere. If you are going to distribute this, don't change the system calls. It's a terrible idea, they don't even remove deprecated ones, but if you're just playing around then have fun and do whatever the hell you want.

Hello, I don't know how to use the system call table in 3.x; in 2.x I can, but my 2.x technique is not working in 3.x.

It's all over the internet. You can't actually change the system call table by default since it is read only (write access would be a huge security hole). The table is in entry.S of the source code. I think you just have to edit the function in the file where the system call is (look at the link above).

Here is a link explaining how system calls work. I can't really help you anymore after this since I feel like it's more than enough for you to at least figure out how to find what you need on your own. http://www.win.tue.nl/~aeb/linux/lk/lk-4.html

I found these really quickly by simply searching "linux system calls" and "adding linux system calls". I'm sure you would find your answer much faster by also doing this.

edit: One more link. http://www.tldp.org/HOWTO/html_single/I … -2.6-i386/

if that's not helpful: http://tuxthink.blogspot.com/2012/01/ad … nux-3.html

stackoverflow question on how to add syscalls in linux 3.3: http://stackoverflow.com/questions/9977 … kernel-3-3

and last one https://docs.google.com/viewer?a=v&q=ca … 5pDfsIQBfQ

Good luck and happy hacking.

Last edited by MagicSkyFairy (2013-03-19 17:48:17)


I have wasted at least a second of your time by making you read my signature.

Offline

#8 2013-03-20 10:06:44

EbubekirK
Member
Registered: 2012-12-15
Posts: 12

Re: How to change system calls with modules ?

MagicSkyFairy wrote:
EbubekirK wrote:
MagicSkyFairy wrote:

Googled "linux system calls".

http://docs.cs.up.ac.za/programming/asm … calls.html

There is a table with all the system calls and their numbers in the source somewhere. If you are going to distribute this, don't change the system calls. It's a terrible idea, they don't even remove deprecated ones, but if you're just playing around then have fun and do whatever the hell you want.

Hello, I don't know how to use the system call table in 3.x; in 2.x I can, but my 2.x technique is not working in 3.x.

It's all over the internet. You can't actually change the system call table by default since it is read only (write access would be a huge security hole). The table is in entry.S of the source code. I think you just have to edit the function in the file where the system call is (look at the link above).

Here is a link explaining how system calls work. I can't really help you anymore after this since I feel like it's more than enough for you to at least figure out how to find what you need on your own. http://www.win.tue.nl/~aeb/linux/lk/lk-4.html

I found these really quickly by simply searching "linux system calls" and "adding linux system calls". I'm sure you would find your answer much faster by also doing this.

edit: One more link. http://www.tldp.org/HOWTO/html_single/I … -2.6-i386/

if that's not helpful: http://tuxthink.blogspot.com/2012/01/ad … nux-3.html

stackoverflow question on how to add syscalls in linux 3.3: http://stackoverflow.com/questions/9977 … kernel-3-3

and last one https://docs.google.com/viewer?a=v&q=ca … 5pDfsIQBfQ

Good luck and happy hacking.


Thanks

Last edited by EbubekirK (2016-04-23 11:19:06)

Offline
