Vulnerability Development mailing list archives

Re: Replacing Kernel Functions via a LKM


From: dr () DURSEC COM (Dragos Ruiu)
Date: Thu, 27 Apr 2000 21:51:49 -0700


On Thu, 27 Apr 2000, Granquist, Lamont wrote:
> Is there a way to intercept calls to a given function in the kernel via a
> LKM?  Specifically I'd like to intercept proc_root_lookup() in
> fs/proc/root.c and replace it with my own procedure. (motivation for doing
> so is left as an exercise to the reader)

I would think so...
Why not patch the kernel in ram to replace a chunk of the proc itself at
the beginning of it to jump to your own code... it can then do the work of the
overwritten proc code and whatever...err... else you want to do.

Doing so is left as an exercise for the reader. :-)
But, I don't know why they would ever want to do such a thing....

--
dursec.com / kyx.net - we're from the future                      http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver

Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
 Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
   Lance Spitzner/Sun, Fyodor Yarochkin/KALUG, Max Vision/whitehats.com
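
Added example, not part of the original post: a detection-side check for the entry-point patch described in the reply above. It compares the first bytes of a function in a memory snapshot with the same bytes from a trusted kernel image and decodes common x86-64 jump sequences. The address, text bounds, byte strings and function names are constructed assumptions.

```python
import struct

# Assumed x86-64 kernel text bounds; on a real host take them from _stext/_etext.
TEXT_START, TEXT_END = 0xFFFFFFFF81000000, 0xFFFFFFFF82000000
MASK64 = 0xFFFFFFFFFFFFFFFF

def redirect_target(code, addr):
    """Return (kind, target) if the bytes at addr begin with an unconditional transfer."""
    if len(code) >= 5 and code[0] == 0xE9:                       # jmp rel32
        return "jmp rel32", (addr + 5 + struct.unpack_from("<i", code, 1)[0]) & MASK64
    if len(code) >= 2 and code[0] == 0xEB:                       # jmp rel8
        return "jmp rel8", (addr + 2 + struct.unpack_from("<b", code, 1)[0]) & MASK64
    if len(code) >= 12 and code[:2] == b"\x48\xb8" and code[10:12] == b"\xff\xe0":
        return "mov rax, imm64; jmp rax", struct.unpack_from("<Q", code, 2)[0]
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:   # push imm32; ret
        # push imm32 is sign-extended to 64 bits on x86-64
        return "push imm32; ret", struct.unpack_from("<i", code, 1)[0] & MASK64
    return None

def check_prologue(name, addr, live, reference):
    """Compare a function's live entry bytes with the same bytes from a trusted image."""
    if live == reference:
        return {"function": name, "status": "clean"}
    # Offset of the first differing byte (or the shorter length if one is a prefix)
    diff = next((i for i, (a, b) in enumerate(zip(live, reference)) if a != b),
                min(len(live), len(reference)))
    finding = {"function": name, "status": "modified", "first_diff": diff}
    hit = redirect_target(live, addr)
    if hit:
        finding.update(status="redirected", kind=hit[0], target=hex(hit[1]),
                       outside_text=not (TEXT_START <= hit[1] < TEXT_END))
    return finding

# Constructed sample: the address, prologue bytes and jump target are made up.
ADDR = 0xFFFFFFFF81234560
REFERENCE = bytes.fromhex("554889e5415741564155415453")  # push rbp; mov rbp,rsp; ...
HOOKED = b"\xe9" + struct.pack("<i", 0xFFFFFFFFA0001000 - (ADDR + 5)) + REFERENCE[5:]

if __name__ == "__main__":
    print(check_prologue("proc_root_lookup", ADDR, REFERENCE, REFERENCE))
    print(check_prologue("proc_root_lookup", ADDR, HOOKED, REFERENCE))
```

A hit needs triage rather than automatic alarm: ftrace, kprobes and live patching also rewrite function entry bytes on a running kernel, and boot-time instruction patching can make live text differ from the on-disk image.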
