Re: Replacing Kernel Functions via a LKM

[lamagra () HACKERMAIL NET (Lamagra Argamal)]

There is a way.
You can do it easily, if you know the address of the function you're replacing. This can be done by looking it up in 
System.map or by looking up a well known nearby function and calculating the address.

Replacing would be done in the following way:
 1. save startbytes of function
 2. replace them with a jump to your code (address in LKM)
 3. wait

To clean up just put the origional code back.

btw: I have some working examples if you'd like to see them just mail me <access-granted () geocities com>, please 
don't reply to this mailaddy (it's bugtraq/vulndev only)

lamagra

Send someone a cool Dynamitemail flashcard greeting!! And get rewarded.
GO AHEAD! http://cards.dynamitemail.com/index.php3?rid=fc-41