Skip to content

milabs/kmod_hooking

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
libudis86
libudis86
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
layout.lds
layout.lds
 
 
module-init.c
module-init.c
 
 
udis86.h
udis86.h
 
 

Repository files navigation

About

This module provides mechanism that allows to hook kernel functions using exception tables.

Usage

Given the kernel function X which has prototype typeof(X) let's see how to hook it:

  1. Use DECLARE_KHOOK(X) macro to declare the hook
  2. Write hook's body using khook_X function name and typeof(X) as a prototype
  3. Use KHOOK_ORIGIN(X, args) macro as a wrapper around the X function call
  4. Protect hook's body with KHOOK_USAGE_INC(X) and KHOOK_USAGE_DEC(X)

Example

#include <linux/fs.h> // inode_permission() prototype lives here

DECLARE_KHOOK(inode_permission);
int khook_inode_permission(struct inode * inode, int mode)
{
	int result;

	KHOOK_USAGE_INC(inode_permission);

	debug("%s(%pK,%08x) [%s]\n", __func__, inode, mode, current->comm);

	result = KHOOK_ORIGIN(inode_permission, inode, mode);

	debug("%s(%pK,%08x) [%s] = %d\n", __func__, inode, mode, current->comm, result);

	KHOOK_USAGE_DEC(inode_permission);

	return result;
}

Credits

Written by Ilya V. Matveychikov [email protected], distributed under GPL

About

Kernel function hooking using exception tables

Resources

Readme

License

GPL-2.0 license
Activity

Stars

27 stars

Watchers

6 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages