Date:      Wed, 28 Aug 2002 03:29:17 +0200
From:      Pawel Jakub Dawidek <nick@garage.freebsd.pl>
To:        freebsd-hackers@freebsd.org
Subject:   Replacing kernel functions.
Message-ID:  <20020828012917.GH22722@garage.freebsd.pl>

Hello hackers...

I've written two functions to replace kernel functions.

/*
 * sysfun - address of kernel function
 *  myfun - address of our function
 *    buf - 5 bytes length buffer to keep old first 5 kernel function bytes
 */
static u_int
funchange(void *sysfun, void *myfun, void *buf)
{
	static u_char	*chgcode = "\xe9....";
	u_long		*addr;

	/*
	 * Dots will be replaced by address of our function, so we go:
	 *	jmp	<myfun>
	 */

	if (sysfun == NULL || myfun == NULL || buf == NULL)
		return (EFAULT);

	/* Keep first 5 bytes of kernel function in given buffer */
	memcpy(buf, sysfun, 5);

	/* Count address for 'jmp' and put it to 'chgcode' */
	addr = (u_long *)((u_char *)chgcode + 1);
	*addr = (u_long)myfun - (u_long)sysfun - 10;

	/* ok! let's replace it */
	memcpy(sysfun, chgcode, 5);

	return (0);
}

static u_int
funbackchange(void *sysfun, void *buf)
{

	if (sysfun == NULL || buf == NULL)
		return (EFAULT);

	memcpy(sysfun, buf, 5);

	return (0);
}

How to use:

int
ourfun(...)
{
	[...]
}
[...]
	char	buf[5];
	[...]
	funchange(kernfun, ourfun, buf);
	[...]
	funbackchange(kernfun, buf);
[...]

Ok... And now what I want from You.
This works of course only on i386 arch and I need a version of those functions
for the rest of the archs supported by FreeBSD.
So if You know how to port them, feel free to send me Your version :)

Thanks!

-- 
Pawel Jakub Dawidek
UNIX Systems Administrator
http://garage.freebsd.pl
Am I Evil? Yes, I Am.
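
Seen from the detection side, a patch like the one in this message leaves a recognizable trace: the function's first byte becomes 0xE9 and its first five bytes no longer match a known-good copy. The following is an added example, not part of the original e-mail; it runs in user space on constructed byte arrays, and the addresses, text range and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PATCH_LEN 5	/* size of the jmp rel32 patch */
/* Constructed sample data, not taken from a real kernel. */
#define TEXT_START 0xc0100000u	/* assumed kernel text start */
#define TEXT_END   0xc0600000u	/* assumed kernel text end (exclusive) */
#define FUN_ADDR   0xc0200000u	/* assumed address of the checked function */
static const uint8_t ref_bytes[PATCH_LEN]  = { 0x55, 0x89, 0xe5, 0x83, 0xec };
static const uint8_t live_bytes[PATCH_LEN] = { 0xe9, 0xfb, 0xff, 0xdf, 0x00 };

/* 1 if the live entry bytes differ from the known-good copy. */
static int
entry_modified(const uint8_t *live, const uint8_t *ref)
{
	return (memcmp(live, ref, PATCH_LEN) != 0);
}

/*
 * If the entry starts with jmp rel32 (0xE9), store its destination in *target
 * and return 1. rel32 is little-endian and relative to the end of the jmp.
 */
static int
entry_jmp_target(const uint8_t *live, uint32_t vaddr, uint32_t *target)
{
	if (live[0] != 0xE9)
		return (0);
	*target = vaddr + PATCH_LEN + ((uint32_t)live[1] | (uint32_t)live[2] << 8 |
	    (uint32_t)live[3] << 16 | (uint32_t)live[4] << 24);
	return (1);
}

/* 1 if the entry is a jmp whose destination lies outside [start, end). */
static int
entry_redirected(const uint8_t *live, uint32_t vaddr, uint32_t start, uint32_t end)
{
	uint32_t target;
	return (entry_jmp_target(live, vaddr, &target) &&
	    (target < start || target >= end));
}

int
main(void)
{
	printf("modified=%d redirected=%d\n", entry_modified(live_bytes, ref_bytes),
	    entry_redirected(live_bytes, FUN_ADDR, TEXT_START, TEXT_END));
	return (0);
}
```

Comparing against a reference copy catches any change to the entry bytes; the jmp decoding adds where a redirected entry now leads, which is what an analyst needs next.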
