
I have been trying to hook system calls at the kernel level. I got the basic idea from this question. The system call I was trying to intercept was fork(). So I looked up the address of sys_call_table in System.map, and it turned out to be 0xc12c9e90. I then wrote the module below.

#include<linux/kernel.h>
#include<linux/module.h>
#include<linux/unistd.h>
#include<linux/semaphore.h>
#include<asm/cacheflush.h>
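MODULE_LICENSE("GPL");

/*
 * Module-private state. Declared static so these names stay local to this
 * file and cannot collide with symbols of the same name elsewhere.
 */

/* Base of the system-call table; assigned from a fixed address in p_entry(). */
static void **sys_call_table;
/* Start of the page holding the table, as passed to set_memory_rw()/set_memory_ro(). */
static unsigned long addr;
/* Entry found in the __NR_fork slot at load time; called by our_call(), restored by p_exit(). */
static asmlinkage int (*original_call)(struct pt_regs);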
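/*
 * Handler that p_entry() stores in the __NR_fork slot of the table.
 *
 * Emits one log record per call, then passes the register frame on to the
 * handler that was in the slot before and returns that handler's result
 * unchanged.
 *
 * NOTE(review): taking struct pt_regs by value has to match the prototype of
 * the handler being replaced on the target kernel; confirm before relying on it.
 */
asmlinkage int our_call(struct pt_regs regs)
{
        /*
         * Explicit log level and trailing newline: without them the record
         * gets the default level and can be merged with the next message.
         */
        printk(KERN_INFO "Intercepted sys_fork\n");
        return original_call(regs);
}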
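/*
 * Module load handler: saves the current __NR_fork entry of the system-call
 * table and replaces it with our_call().
 *
 * Returns 0 on success, or the error code from set_memory_rw() if the page
 * could not be made writable (in which case the table is left untouched).
 *
 * NOTE(review): the table address is a constant copied from the System.map of
 * one particular kernel build. On any other build, or with address
 * randomisation, it points at unrelated memory. For observing process
 * creation, supported interfaces such as kprobes, tracepoints or the audit
 * subsystem avoid patching the table at all.
 */
static int __init p_entry(void)
{
       struct page *pg;
       int ret;

       sys_call_table=(void *)0xc12c9e90;

       /* Round the table address down to the start of its page. */
       pg=virt_to_page(sys_call_table);
       addr=(unsigned long)page_address(pg);

       /*
        * Do not touch the table unless the permission change is reported as
        * successful; the original code ignored this return value.
        * NOTE(review): a zero return may not guarantee the mapping really is
        * writable on every kernel; verify on the target before storing.
        */
       ret=set_memory_rw(addr,1);
       if (ret) {
               printk(KERN_ALERT "Module Intercept: set_memory_rw failed (%d)\n", ret);
               return ret;
       }

       original_call=sys_call_table[__NR_fork];
       sys_call_table[__NR_fork]=our_call;

       /* Put the protection back; a failure here leaves the page writable, so report it. */
       ret=set_memory_ro(addr,1);
       if (ret)
               printk(KERN_ALERT "Module Intercept: set_memory_ro failed (%d)\n", ret);

       printk(KERN_ALERT "Module Intercept inserted\n");
       return 0;
}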
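/*
 * Module unload handler: puts the saved __NR_fork entry back into the table.
 *
 * p_entry() leaves the table page read-only, so the page has to be made
 * writable again before the restore; the original code wrote to it directly
 * and only called set_memory_ro() afterwards.
 */
static void __exit p_exit(void)
{
       int ret;

       ret=set_memory_rw(addr,1);
       if (ret)
               printk(KERN_ALERT "Module Intercept: set_memory_rw failed on unload (%d)\n", ret);

       /*
        * The restore is attempted even after a reported failure, as in the
        * original: leaving the slot pointing at our_call() while this module
        * is being unloaded would leave a dangling handler.
        */
       sys_call_table[__NR_fork]=original_call;

       ret=set_memory_ro(addr,1);
       if (ret)
               printk(KERN_ALERT "Module Intercept: set_memory_ro failed on unload (%d)\n", ret);

       printk(KERN_ALERT "Module Intercept removed\n");
}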
/* Register p_entry() as the load-time handler and p_exit() as the unload-time handler. */
module_init(p_entry);
module_exit(p_exit);

I compiled the module and tried to insert it into the kernel. Unfortunately, dmesg showed the following message: "BUG: unable to handle kernel paging request at c12c9e98". Here is the full dmesg output:

enter image description here enter image description here

As an experiment to find out the problem, I simply commented out the line

/*
 * The store into the __NR_fork slot. The reported fault address c12c9e98 is
 * 8 bytes past the table base 0xc12c9e90; presumably that is this slot on a
 * 32-bit build (TODO confirm), i.e. the write itself is what faulted.
 */
sys_call_table[__NR_fork]=our_call;

After that I recompiled the module and inserted it again, and no errors showed up. So I concluded that the line above, which assigns the new function into sys_call_table, is the problem. But I don't know what could be causing it or how to solve it. Can anyone help me solve it?

PaulDaviesC
