LKM && hack sys_execve
kratochvil jiri
kratochvil na dbsystem.com
Čtvrtek Březen 6 10:46:57 CET 2003
On Thu, Mar 06, 2003 at 10:34:56AM +0100, Jirka Kosina wrote:
> On Thu, 6 Mar 2003, kratochvil jiri wrote:
> > return (*orig_execve)(filename, argv, envp, regs);
>
> Zkuste spise neco jako
>
> return orig_execve(filename, argv, envp, regs);
jo to jsem taky zkousel, tohle je uz po nekolikerym zkouseni.
tady je jeste pro jistotu vypis chyby:
Mar 5 17:13:45 station15 kernel: exec hack loaded :))
Mar 5 17:13:47 station15 kernel: Hacked execve called
Mar 5 17:13:47 station15 kernel: Unable to handle kernel NULL pointer dereference at virtual address 00000023
Mar 5 17:13:47 station15 kernel: printing eip:
Mar 5 17:13:47 station15 kernel: 00000023
Mar 5 17:13:47 station15 kernel: *pde = 00000000
Mar 5 17:13:47 station15 kernel: Oops: 0000
Mar 5 17:13:47 station15 kernel: CPU: 0
Mar 5 17:13:47 station15 kernel: EIP: 0010:[<00000023>] Tainted: P
Mar 5 17:13:47 station15 kernel: EFLAGS: 00010282
Mar 5 17:13:47 station15 kernel: eax: 00000000 ebx: 00000000 ecx: c2781980 edx: 00000000
Mar 5 17:13:47 station15 kernel: esi: 080ef5b8 edi: 080fef68 ebp: 400012d0 esp: c1fdbfc4
Mar 5 17:13:47 station15 kernel: ds: 0018 es: 0018 ss: 0018
Mar 5 17:13:47 station15 kernel: Process ls (pid: 21267, stackpage=c1fdb000)
Mar 5 17:13:47 station15 kernel: Stack: 080fef68 bffff980 0000002b 080ef5b8 080fef68 bffff630 0000000 b 0000002b
Mar 5 17:13:47 station15 kernel: 0000002b 0000000b 400d06f9 00000023 00000246 bffff614 0000002 b
Mar 5 17:13:47 station15 kernel: Call Trace:
Mar 5 17:13:48 station15 kernel:
Mar 5 17:13:48 station15 kernel: Code: Bad EIP value.
--
KLoK
Další informace o konferenci Linux