Date: Wed, 28 Aug 2002 03:29:17 +0200 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: freebsd-hackers@freebsd.org Subject: Replacing kernel functions. Message-ID: <20020828012917.GH22722@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--ZYOWEO2dMm2Af3e3 Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello hackers... I've wrote two functions to replace kernel functions. /* * sysfun - address of kernel function * myfun - address of our function * buf - 5 bytes length buffer to keep old first 5 kernel function bytes */ static u_int funchange(void *sysfun, void *myfun, void *buf) { static u_char *chgcode =3D "\xe9...."; u_long *addr; /* * Dots will be replaced by address of our function, so we go: * jmp <myfun> */ if (sysfun =3D=3D NULL || myfun =3D=3D NULL || buf =3D=3D NULL) return (EFAULT); /* Keep first 5 bytes of kernel function in giveen buffer */ memcpy(buf, sysfun, 5); /* Count address for 'jmp' and put it to 'chgcode' */ addr =3D (u_long *)((u_char *)chgcode + 1); *addr =3D (u_long)myfun - (u_long)sysfun - 10; /* ok! let's replace it */ memcpy(sysfun, chgcode, 5); return (0); } static u_int funbackchange(void *sysfun, void *buf) { if (sysfun =3D=3D NULL || buf =3D=3D NULL) return (EFAULT); memcpy(sysfun, buf, 5); return (0); } How to use: int ourfun(...) { [...] } [...] char buf[5]; [...] funchange(kernfun, ourfun, buf); [...] funbackchange(kernfun, buf); [...] Ok... And now what I want from You. This works of course only on i386 arch and I need version of those functions for the rest of archs supported by FreeBSD. So if You know how to port them, fell free to send me Your version:) Thanks! --=20 Pawel Jakub Dawidek UNIX Systems Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am. --ZYOWEO2dMm2Af3e3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPWwnbT/PhmMH/Mf1AQFhLQQAiZSEchxpZIwnveOTRTSCggdA4SSqgbmw 5aupjbncIcqfqN4tgehQqggvB+dg4CpIaDYYFk9Hepe0KFHnBbKNUkxWPRiS1V6D FflzL1ROalGh0P41wyKoY2cRH3QYiOtapoFWoghZ/lOlkjOHrzJdFJlAIO891+Sg d8LnEWJRhqw= =lrIl -----END PGP SIGNATURE----- --ZYOWEO2dMm2Af3e3-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020828012917.GH22722>