static void init_x64_syscalls(void)
{
int i;
void* system_call_addr = 0;
unsigned char* lpbin;
rdmsrl(MSR_LSTAR, system_call_addr);
printk(KERN_ALERT "X64 init_linux_shell %x \n", system_call_addr);
for (lpbin = (char*)system_call_addr, i = 0; i < 255; i++) {
/*
* 测试发现 call指令对应特征码为 ff 14 c5
*/
if (lpbin[i] == 0xff && lpbin[i+1]== 0x14){
unsigned long long* sys_call_table =
(0xffffffff00000000) + *(unsigned int*)(lpbin + i + 3);
printk(KERN_ALERT "sys_call_table %p\n", sys_call_table);
printk(KERN_ALERT "sys_mknode %p\n",sys_call_table[__NR_mknod]);
break;
}
}
}
{
int i;
void* system_call_addr = 0;
unsigned char* lpbin;
rdmsrl(MSR_LSTAR, system_call_addr);
printk(KERN_ALERT "X64 init_linux_shell %x \n", system_call_addr);
for (lpbin = (char*)system_call_addr, i = 0; i < 255; i++) {
/*
* 测试发现 call指令对应特征码为 ff 14 c5
*/
if (lpbin[i] == 0xff && lpbin[i+1]== 0x14){
unsigned long long* sys_call_table =
(0xffffffff00000000) + *(unsigned int*)(lpbin + i + 3);
printk(KERN_ALERT "sys_call_table %p\n", sys_call_table);
printk(KERN_ALERT "sys_mknode %p\n",sys_call_table[__NR_mknod]);
break;
}
}
}
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
