Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Jan 2015 06:17:10 +0200
From:      "Ivan \"Rambius\" Ivanov" <rambiusparkisanius@gmail.com>
To:        "mail.list freebsd-questions" <freebsd-questions@freebsd.org>
Subject:   modfind() returns -1
Message-ID:  <CAE9rwzNtUkBMzSskVigiW7hQH0NcHrovCv1UOoTrhwRp_JkUZQ@mail.gmail.com>

Next in thread | Raw E-Mail | Index | Archive | Help
Hello,

I am trying to implement a simple system call module, but after I
install it and try to find its offset with modfind, I somehow get -1.
The code implementing the syscal resides in sc_example_no_args.c:

#include <sys/types.h>
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/module.h>
#include <sys/sysent.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <bsm/audit_kevents.h>

static int sc_example_no_args(struct thread *td, void *syscall_args) {
  printf("%s\n", "Hello, world!");
  return 0;
}

static struct sysent sc_example_sysent_no_args = {
  0,
  sc_example_no_args
};

static int offset = NO_SYSCALL;

static int load(struct module *module, int cmd, void *arg) {
  int error = 0;
  switch(cmd) {
    case MOD_LOAD:
      uprintf("System call loaded at offset %d.\n", offset);
      break;
    case MOD_UNLOAD:
      uprintf("System call unloaded at offset %d.\n", offset);
      break;
    default:
      error = EOPNOTSUPP;
      break;
  }

  return error;
}

SYSCALL_MODULE(sc_example_no_args, &offset,
&sc_example_sysent_no_args, load, NULL);

The Make file that compiles it is

KMOD=sc_example_no_args
SRCS=sc_example_no_args.c

.include <bsd.kmod.mk>

The ouput of make is

$ make
Warning: Object directory not changed from original
/home/rambius/drafts/fbsdrootkits/ch01/sc_example_no_arg
cc -O2 -pipe  -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE
-nostdinc   -I. -I@ -I@/contrib/altq -fno-common   -mno-aes -mno-avx
-mno-mmx -mno-sse -msoft-float -ffreestanding -fstack-protector
-std=iso9899:1999 -Qunused-arguments  -fstack-protector -Wall
-Wredundant-decls -Wnested-externs -Wstrict-prototypes
-Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual  -Wundef
-Wno-pointer-sign -fformat-extensions  -Wmissing-include-dirs
-fdiagnostics-show-option  -Wno-error-tautological-compare
-Wno-error-empty-body  -Wno-error-parentheses-equality
-Wno-error-unused-function   -c sc_example_no_args.c
ld  -d -warn-common -r -d -o sc_example_no_args.kld sc_example_no_args.o
:> export_syms
awk -f /sys/conf/kmod_syms.awk sc_example_no_args.kld  export_syms |
xargs -J% objcopy % sc_example_no_args.kld
ld -Bshareable  -d -warn-common -o sc_example_no_args.ko sc_example_no_args.kld
objcopy --strip-debug sc_example_no_args.ko

I now have the module compiled in sc_example_no_args.ko and I can kldload it:

$ sudo kldload ./sc_example_no_args.ko
System call loaded at offset 210.
$ kldstat
Id Refs Address    Size     Name
 1    6 0xc0400000 13a35fc  kernel
 2    1 0xc900a000 5000     ums.ko
 3    1 0xca38f000 2000     sc_example_no_args.ko

So far, so good. Here is the code that tries to invoke that system call:

$ cat interface.c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/module.h>

int main(int argc, char *argv[]) {
  int syscall_num;
  struct module_stat stat;
  int mod_id;

  stat.version = sizeof(stat);
  mod_id = modfind("sc_example_no_args");
  printf("%d\n", mod_id);
  if (mod_id == -1) {
    perror("Error finding module");
    exit(2);
  }
  modstat(210, &stat);
  syscall_num = stat.data.intval;
  return syscall(syscall_num, argv[1]);
}

I compile interface.c with:
$ cc -Wall interface.c -o interface

When I run it I see that it cannot find the module:

$ cc -Wall interface.c -o interface
$ ./interface
-1
Error finding module: No such file or directory
$ echo $?
2

I would be very helpful for any help or hints. I am able to do the
syscall through perl

$ perl -e 'syscall(210);'
$ dmesg | tail -n 1
Hello, world!

Thank you in advance!

Regards
Rambius

-- 
Tangra Mega Rock: http://www.radiotangra.com



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAE9rwzNtUkBMzSskVigiW7hQH0NcHrovCv1UOoTrhwRp_JkUZQ>