fix RPM, add getmodule
getmodule returns int Sadge
This commit is contained in:
@@ -5,6 +5,8 @@
|
|||||||
#include <linux/kernel.h>
|
#include <linux/kernel.h>
|
||||||
#include <linux/sched.h>
|
#include <linux/sched.h>
|
||||||
#include <linux/uaccess.h>
|
#include <linux/uaccess.h>
|
||||||
|
#include <linux/sched/signal.h>
|
||||||
|
#include <linux/maple_tree.h>
|
||||||
|
|
||||||
#define DRIVER_NAME "TaxiDriver"
|
#define DRIVER_NAME "TaxiDriver"
|
||||||
#define DRIVER
|
#define DRIVER
|
||||||
@@ -72,6 +74,23 @@ int WPM(t_WPM args) {
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static uintptr_t list_process_modules(const char *mod) {
|
||||||
|
struct mm_struct *mm = task->mm;
|
||||||
|
struct vm_area_struct *vma;
|
||||||
|
VMA_ITERATOR(vmi, mm, 0);
|
||||||
|
|
||||||
|
for_each_vma(vmi, vma) {
|
||||||
|
if (vma->vm_file) {
|
||||||
|
struct file *file = vma->vm_file;
|
||||||
|
printk(KERN_INFO "TaxiDriver: Shared Library: %s start: 0x%lx end: 0x%lx\n",
|
||||||
|
file->f_path.dentry->d_name.name, vma->vm_start, vma->vm_end);
|
||||||
|
if (strcmp(file->f_path.dentry->d_name.name, mod) == 0)
|
||||||
|
return (uintptr_t)vma->vm_start;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int init_process_by_pid(int target_pid) {
|
static int init_process_by_pid(int target_pid) {
|
||||||
printk(KERN_INFO "TaxiDriver: Accessing process with PID: %d\n", target_pid);
|
printk(KERN_INFO "TaxiDriver: Accessing process with PID: %d\n", target_pid);
|
||||||
|
|
||||||
@@ -82,7 +101,6 @@ static int init_process_by_pid(int target_pid) {
|
|||||||
if (task != NULL) {
|
if (task != NULL) {
|
||||||
const char *process_name = task->comm;
|
const char *process_name = task->comm;
|
||||||
printk(KERN_INFO "TaxiDriver: Process with PID %d has name: %s\n", target_pid, process_name);
|
printk(KERN_INFO "TaxiDriver: Process with PID %d has name: %s\n", target_pid, process_name);
|
||||||
// Access and manipulate the process here
|
|
||||||
put_task_struct(task);
|
put_task_struct(task);
|
||||||
} else {
|
} else {
|
||||||
printk(KERN_INFO "TaxiDriver: Process with PID %d not found\n", target_pid);
|
printk(KERN_INFO "TaxiDriver: Process with PID %d not found\n", target_pid);
|
||||||
@@ -101,10 +119,20 @@ static long device_ioctl(struct file *file, unsigned int ioctl_num, unsigned lon
|
|||||||
{
|
{
|
||||||
struct s_WPM wpm_args;
|
struct s_WPM wpm_args;
|
||||||
struct s_RPM rpm_args;
|
struct s_RPM rpm_args;
|
||||||
|
const char *mod = kmalloc(sizeof(char) * 256, GFP_KERNEL);
|
||||||
|
if (!mod)
|
||||||
|
return -ENOMEM;
|
||||||
int pid;
|
int pid;
|
||||||
int return_value = 0;
|
long return_value = 0;
|
||||||
|
|
||||||
switch (ioctl_num) {
|
switch (ioctl_num) {
|
||||||
|
case IOCTL_GETMODULE:
|
||||||
|
if (copy_from_user((void *)mod, (int *)arg, sizeof(char *)))
|
||||||
|
return -EFAULT;
|
||||||
|
return_value = list_process_modules(mod);
|
||||||
|
kfree(mod);
|
||||||
|
break;
|
||||||
|
|
||||||
case IOCTL_OPENPROC:
|
case IOCTL_OPENPROC:
|
||||||
if (copy_from_user(&pid, (int *)arg, sizeof(int)))
|
if (copy_from_user(&pid, (int *)arg, sizeof(int)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
@@ -115,6 +143,7 @@ static long device_ioctl(struct file *file, unsigned int ioctl_num, unsigned lon
|
|||||||
if (copy_from_user(&rpm_args, (int *)arg, sizeof(t_RPM)))
|
if (copy_from_user(&rpm_args, (int *)arg, sizeof(t_RPM)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
return_value = RPM(rpm_args);
|
return_value = RPM(rpm_args);
|
||||||
|
put_user(return_value, rpm_args.out_addr);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case IOCTL_WPM:
|
case IOCTL_WPM:
|
||||||
|
|||||||
@@ -6,13 +6,16 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define IOCTL_OPENPROC _IOW('k', 1, int)
|
#define IOCTL_OPENPROC _IOW('k', 1, int)
|
||||||
#define IOCTL_RPM _IOW('k', 1, t_RPM)
|
#define IOCTL_GETMODULE _IOW('k', 2, const char*)
|
||||||
#define IOCTL_WPM _IOW('k', 2, t_WPM)
|
#define IOCTL_RPM _IOW('k', 3, t_RPM)
|
||||||
|
#define IOCTL_WPM _IOW('k', 4, t_WPM)
|
||||||
|
|
||||||
typedef struct s_RPM
|
typedef struct s_RPM
|
||||||
{
|
{
|
||||||
uintptr_t addr;
|
uintptr_t addr;
|
||||||
ssize_t size;
|
ssize_t size;
|
||||||
|
uintptr_t out;
|
||||||
|
uintptr_t *out_addr;
|
||||||
} t_RPM;
|
} t_RPM;
|
||||||
|
|
||||||
typedef struct s_WPM
|
typedef struct s_WPM
|
||||||
|
|||||||
@@ -1,4 +1,5 @@
|
|||||||
#include "memory.h"
|
#include "memory.h"
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
int main() {
|
int main() {
|
||||||
if (!open_device())
|
if (!open_device())
|
||||||
@@ -8,17 +9,16 @@ int main() {
|
|||||||
if (!open_process(pid))
|
if (!open_process(pid))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
uintptr_t addr = get_module("nsnake");
|
||||||
|
printf("module : 0x%lx\n", addr);
|
||||||
struct s_WPM args_wpm;
|
struct s_WPM args_wpm;
|
||||||
args_wpm.addr = 0x55a813479d70;
|
args_wpm.addr = 0x55a813479d70;
|
||||||
args_wpm.size = 4;
|
args_wpm.size = 4;
|
||||||
args_wpm.value = (uintptr_t)667;
|
args_wpm.value = (uintptr_t)667;
|
||||||
WPM(args_wpm);
|
WPM(args_wpm);
|
||||||
|
|
||||||
struct s_RPM args;
|
int out = (int)RPM(0x55a813479d70, sizeof(int));
|
||||||
args.addr = 0x55a813479d70;
|
printf("Value from RPM: %d\n", out);
|
||||||
args.size = sizeof(int);
|
|
||||||
int val = (int)RPM(args);
|
|
||||||
printf("Value from RPM: %d\n", val);
|
|
||||||
|
|
||||||
close_device();
|
close_device();
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@@ -1,4 +1,6 @@
|
|||||||
#include "memory.h"
|
#include "memory.h"
|
||||||
|
#include "communication_struct.h"
|
||||||
|
#include <stdio.h>
|
||||||
#include <sys/ioctl.h>
|
#include <sys/ioctl.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
@@ -22,17 +24,21 @@ void close_device(void)
|
|||||||
close(file_desc);
|
close(file_desc);
|
||||||
}
|
}
|
||||||
|
|
||||||
void *RPM(t_RPM args)
|
void *RPM(uintptr_t address, ssize_t size)
|
||||||
{
|
{
|
||||||
int ret;
|
struct s_RPM args;
|
||||||
|
args.addr = address;
|
||||||
|
args.size = size;
|
||||||
|
args.out = 0;
|
||||||
|
args.out_addr = &args.out;
|
||||||
|
|
||||||
ret = ioctl(file_desc, IOCTL_RPM, &args);
|
int ret = ioctl(file_desc, IOCTL_RPM, &args);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
perror("Revird: RPM failed.");
|
perror("Revird: RPM failed.");
|
||||||
close(file_desc);
|
close(file_desc);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return (void *)ret;
|
return (void *)args.out;
|
||||||
}
|
}
|
||||||
|
|
||||||
void WPM(t_WPM args)
|
void WPM(t_WPM args)
|
||||||
@@ -60,3 +66,15 @@ int open_process(int pid)
|
|||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
uintptr_t get_module(const char *mod)
|
||||||
|
{
|
||||||
|
int ret = ioctl(file_desc, IOCTL_GETMODULE, mod);
|
||||||
|
if (ret < 0) {
|
||||||
|
perror("Revird: getmodule failed.");
|
||||||
|
close(file_desc);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@
|
|||||||
|
|
||||||
int open_device(void);
|
int open_device(void);
|
||||||
void close_device(void);
|
void close_device(void);
|
||||||
void *RPM(t_RPM args);
|
void *RPM(uintptr_t address, ssize_t size);
|
||||||
void WPM(t_WPM args);
|
void WPM(t_WPM args);
|
||||||
int open_process(int pid);
|
int open_process(int pid);
|
||||||
|
uintptr_t get_module(const char *mod);
|
||||||
|
|||||||
Reference in New Issue
Block a user