Date: Sun, 10 Dec 2000 15:08:31 -0500 (EST)
From: "Andrew R. Reiter" <arr@watson.org>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: hackers@FreeBSD.ORG, silvio@big.net.au
Subject: Re: Patching live kernels
Message-ID: <Pine.NEB.3.96L.1001210145935.27914A-100000@fledge.watson.org>
In-Reply-To: <20001210044232.D16205@fw.wintelcom.net>

afaik, Yes. There are two articles that I know of that deal with the
specifics of modifying binaries to inject one's own code.

The first is one that deals mostly with libbfd (binary file descriptor)
and linux. iirc, libbfd worked a great deal better under linux than under
FreeBSD. I recall that libbfd under FreeBSD only supported a.out format.
(yikes!) This article can be viewed at:
http://phrack.infonexus.com/search.phtml?view&article=p56-9

The second article that I know of deals with hijacking functions in the
kernel even if they do not have a function ptr to them. Obviously
functions that have ptrs to them can easily be hijacked via a KLD (check
out the examples.tar.gz in the Daemonnews article on KLDs). However, I am
not sure if the author has yet published this article and I don't feel it
my place to publish it for him. Perhaps, silvio, the author, will want to
publish it here ;)

Anyway, hope this helps.

Andrew

On Sun, 10 Dec 2000, Alfred Perlstein wrote:

> Ok, sometimes we find a bug in a particular release where what's
> needed is a function replaced with fixed code.
>
> I'm wondering if it's possible to:
>
> 1) look at the kernel symbol table for a particular function in a
>    particular object file (static functions would be even better?)
> 2) replace the first instruction in the function with a jmp to
>    our newly loaded code
> 3) have our newly loaded code be "anonymous" meaning no symbols
>    from it enter the kernel symbol namespace (i want to be able to
>    re-patch a patched kernel)
>
> Is it possible?
>
> Are there any takers? :)
>
> --
> -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> "I have the heart of a child; I keep it in a jar on my desk."

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead
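
A defender-side check for the technique raised in the quoted question (a function whose first instruction has been replaced with a jmp), added here as an example that is not part of the original thread. It assumes i386 code; the function names, addresses, text range and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict for the first instruction of a function. */
enum hook_status { PROLOGUE_OK, JMP_INSIDE_TEXT, JMP_OUTSIDE_TEXT };

/* Constructed sample bytes (not taken from any real kernel). */
const uint8_t sample_clean[]   = { 0x55, 0x89, 0xE5, 0x83, 0xEC, 0x08 }; /* push %ebp; mov %esp,%ebp; sub $8,%esp */
const uint8_t sample_patched[] = { 0xE9, 0xFB, 0xFF, 0x6A, 0x00, 0x08 }; /* jmp rel32 written over the prologue */

/*
 * If the code at virtual address `addr` starts with a direct i386 jump
 * (E9 rel32 or EB rel8), store its destination in *target and return 1.
 * Returns 0 for anything else, including a truncated buffer.
 */
int leading_jmp_target(const uint8_t *code, size_t len, uint32_t addr, uint32_t *target)
{
    if (len >= 5 && code[0] == 0xE9) {
        /* rel32 is little-endian and relative to the next instruction */
        uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        *target = addr + 5 + rel;               /* wraps modulo 2^32 */
        return 1;
    }
    if (len >= 2 && code[0] == 0xEB) {
        /* rel8 is sign-extended before being added */
        *target = addr + 2 + (uint32_t)(int32_t)(int8_t)code[1];
        return 1;
    }
    return 0;
}

/*
 * Classify a function entry: no leading jump, a jump that stays inside
 * [text_start, text_end), or a jump that leaves the expected text range.
 */
enum hook_status check_prologue(const uint8_t *code, size_t len, uint32_t addr,
                                uint32_t text_start, uint32_t text_end)
{
    uint32_t target;
    if (!leading_jmp_target(code, len, addr, &target))
        return PROLOGUE_OK;
    if (target >= text_start && target < text_end)
        return JMP_INSIDE_TEXT;
    return JMP_OUTSIDE_TEXT;
}
```

A leading jmp is only a signal: comparing the in-memory bytes against the same function in the on-disk kernel image confirms whether the entry was actually modified.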