Finding Hidden Modules on 2.6 kernel

xiaoxiao2021-03-06 75

http://www.linuxforum.net/forum/showflat.php?cat=512152&page=5&x=collapsed&sb=5&o=31&fpart=

Article title [Essence] Finding Hidden Modules on 2.6 kernel_module_hunter Reply

Posting: Madsys (Old Hand)

Posted 09/08/04 14:47

/ * Name: Module Hunter 2.6 Ver 1.0 9.6.04

Author: Madsys

USAGE: CAT / Proc / ShowModules

* /

#undef kbuild_modname

#define kbuild_modname MH26

#include

#ifdef config_smp

#define __smp__

#ENDIF

#if config_modversions == 1

#define modversions

// # include

#ENDIF

#include

#include // Must Need

#include

// static int errno;

#define hardcore 0xc041f000

#define stepping (Page_size / 32)

INT Valid_addr (unsigned long address)

{

UNSIGNed Long Page;

IF (! address)

Return 0;

Page = ((unsigned long *) Hardcore) [Address >> 22]; // PDE

IF (Page & 1)

{

Page & = Page_mask;

Address & = 0x003FF000;

Page = (unsigned long *) __va (page)) [Address >> Page_shift]; // PTE

IF (Page)

Return 1;

}

Return 0;

}

SSIZE_T SHOWMODULE_READ (Struct File * unused_file, char * buffer, size_t len, loff_t * OFF)

{

Struct Module * P;

Printk ("/ Naddress name size core_addr flags / n / n");

For (p = (struct module *) vmalloc_start; p <= (structModule *) (Vmalloc_Start Vmalloc_ReServe-Page_Size); p = (Struct Module *) ((unsignedlong) P Stepping) {

IF (Valid_addr (unsigned long) & (STRUCT MODULE *) NULL) -> Name))

IF ((p-> name [0]> = 0x30 && p-> name [0] <= 0x39) || (P-> Name [0]> 0x41 && p-> name [0] <= 0x7a) ) && (p-> core_size <1 << 20) && (p-> core_size> 128) && p-> State <3 && (int) P-> init> 0xc6800000) // Never Seen Module Over1m

Printk ("0x% P% 18S% 6lu 0x% 4P% 3D / N", P, P-> Name, P-> Core_Size, P-> Module_core, P-> State);

}

Return 0;

}

Static struct file_operations showmodules_ops = {

Read: showModule_read,

}

INT init_module (void)

{

Struct proc_dir_entry * entry;

Entry = CREATE_PROC_ENTRY ("ShowModules", S_IRUSR, & Proc_root;

Entry-> proc_fops = & showmodules_ops;

Return 0;

}

Void cleanup_module ()

{

REMOVE_PROC_ENTRY ("ShowModules", & Proc_Root;

}

Module_License ("GPL");

Module_Author ("Madsys Madsys Ercist.Iscas.ac.cn");

转载请注明原文地址:https://www.9cbs.com/read-109020.html

9cbs

New Post(0)