0

Good day.

I am trying to produce a SHA1 of the hex memory address of the following ksym_name: 

static char ksym_name[KSYM_NAME_LEN] = "pid_max";

The above code is from : Watch a variable (memory address) change in Linux kernel, and print stack trace when it changes?, file name : testhrarr.c

I am trying to implement this proof of concept -that differing hashes signifies violation of ksym_name integrity. Implementation shall be in the form of a Linux Kernel Module via insmod module_name.ko, hence C codes to work at the Linux Kernel level.

Example: 0xf7ce31a8 - original memory location of kysm_name of pid_max If the memory location changes to e.g. 0xf7ce31c1 - signifies integrity violation, symbol pid_max isn't running at the original location and that an alert should be raised.

I am able to print the hex address of ksym_name via :

printk(KERN_INFO " Addresses of ksym_name of %s is : 0x%p" ,&ksym_name);

the output of which displays a hex address e.g. 0xf7ce31a8.

To illustrated what I wish to achieve, I provide an example from : How come an array's address is equal to its value in C?.

In reference to the code found in the above link, what I desire is for :

char hex_array[40] = for storage of the hex address of %p output of &my_array' i.e. 0xf7ce31a8

as per :

char hex_array[40] = " 0xf7ce31a8 ";

then, next step is to channel the output of %p into a char array and produce a SHA1 hash of the hex address from the output of the %p of &my_array. See printf () below:

printf("&my_array = %p\n", &my_array);

To summarize: Put %p of &my_array into char hex_array[40] and produce a SHA1 hash from the hex address of %p for &my_array.

My questions are :

  1. How can I place the output from %p in the printf() above into char hex_array[40], and then produce a SHA1 hash from the hex address of the output from %p?

  2. How can I place the output from 0x%p in the printk() above into char my_array[100], and then produce a SHA1 hash from the hex address of the output from 0x%p?

I had perused these resources, but has yet to find the solution:

a. How to convert an address stored in char array to actual address? ,

b. How to convert a string which is holding a hexadecimal number into a hexadecimal format in c?

c. How to convert char[] array of hex characters to a byte array of values?

Thanks in advance for any kind assistance.

Community
  • 1
  • 1
jyteh
  • 11
  • 2
  • You can use `itoa(...)` (http://www.cplusplus.com/reference/cstdlib/itoa/) to convert the pointer into the character array (string). It will, however, be lowercase and won't append the leading zeros, if any. From there, you would do whatever hashing on the string you needed (I'm not really familiar with hashing algorithms so I can't really help there). – Josh Braun Apr 16 '14 at 13:05
  • Thank you for your valued feedback. Will try out the itoa(). – jyteh Apr 17 '14 at 02:47

0 Answers0