Linux 系统调用劫持x64-无法在FFFFFF91000018处处理内核分页请求
我编写了一个内核模块,它替换了Linux 系统调用劫持x64-无法在FFFFFF91000018处处理内核分页请求,linux,module,kernel,system-calls,Linux,Module,Kernel,System Calls,我编写了一个内核模块,它替换了syscall,但出现了一个问题。无法加载模块,因为内存中有问题。我试着修了3个小时,但还是不起作用。当我选择memory closersys\u call\u table(例如,来自/proc/kallsyms的linux\u横幅地址)时,此代码正在工作,但它并不总是工作 问题通常是,当搜索syscall表的函数指向地址的末尾是18时(例如ffffffff91000018,ffffffff81000018) 为什么它不起作用 代码: #包括 #包括 #包括 #包括
syscallsys\u call\u table/proc/kallsymsffffffff91000018ffffffff81000018#包括
#包括
#包括
#包括
#包括
#包括
#包括
/*64位内核空间的开始是0xFFFFFF8000000*/
#定义64位内核的END_MEM 0xffffffffffffffff/*END*/
#定义START_MEM 0xffffffff81000000
无符号长**syscall\u选项卡;
asmlong(*orig_mkdir)(常量字符用户*路径名,umode_t模式);
asmlong my_mkdir(常量字符用户*路径名,umode模式)
{
长ret;
ret=orig_mkdir(路径名,模式);
printk(“创建目录:%s”,路径名);
返回ret;
}
静态空心隐藏(空心)
{
列表删除(&此模块->列表);
kobject_del(&THIS_MODULE->mkobj.kobj);
}
静态无符号长**查找(无效){
无符号长**sctable;
无符号长i=START\u MEM;
而(i[ 299.273838] BUG: unable to handle kernel paging request at ffffffff91000018
[ 299.273856] IP: init+0x23/0x1000 [hijack1]
[ 299.273860] PGD b6a0c067
[ 299.273861] P4D b6a0c067
[ 299.273863] PUD b6a0d063
[ 299.273866] PMD 0
[ 299.273872] Oops: 0000 [#1] PREEMPT SMP
[ 299.273877] Modules linked in: hijack1(O+) fuse rfcomm bnep nls_iso8859_1 nls_cp437 vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel pcbc aesni_intel joydev ppdev hp_wmi mousedev iTCO_wdt aes_x86_64 sparse_keymap iTCO_vendor_support mei_wdt crypto_simd psmouse glue_helper pcspkr evdev input_leds cryptd mac_hid intel_cstate intel_rapl_perf uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core btusb btrtl btbcm btintel bluetooth cdc_ether ecdh_generic usbnet videodev uas media mii hid_generic nouveau mxm_wmi ttm arc4 drm_kms_helper iwldvm drm syscopyarea sysfillrect mac80211 sysimgblt iwlwifi fb_sys_fops parport_pc parport snd_hda_codec_hdmi i2c_algo_bit snd_hda_codec_idt cfg80211
[ 299.273953] rfkill snd_hda_codec_generic hp_accel thermal lis3lv02d wmi input_polldev tpm_infineon video ac battery button snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm shpchp snd_timer e1000e snd ptp soundcore tpm_tis mei_me mei pps_core lpc_ich tpm_tis_core tpm sch_fq_codel vboxnetflt(O) vboxnetadp(O) pci_stub vboxpci(O) vboxdrv(O) sg ip_tables x_tables ext4 crc16 jbd2 fscrypto mbcache sr_mod sd_mod cdrom usb_storage usbhid hid serio_raw atkbd libps2 ahci libahci libata scsi_mod xhci_pci xhci_hcd ehci_pci sdhci_pci ehci_hcd sdhci firewire_ohci led_class firewire_core mmc_core crc_itu_t usbcore usb_common i8042 serio
[ 299.274005] CPU: 2 PID: 3384 Comm: insmod Tainted: G O 4.12.4-1-ARCH #1
[ 299.274009] Hardware name: Hewlett-Packard HP EliteBook 8560w/1631, BIOS 68SVD Ver. F.60 03/12/2015
[ 299.274014] task: ffff90127cc0c740 task.stack: ffffb72907298000
[ 299.274019] RIP: 0010:init+0x23/0x1000 [hijack1]
[ 299.274023] RSP: 0018:ffffb7290729bc88 EFLAGS: 00010206
[ 299.274027] RAX: 0000000080040033 RBX: ffffffff91000000 RCX: 0000000000000000
[ 299.274031] RDX: 00000000004bec82 RSI: 00000000004bec82 RDI: 0000000080040033
[ 299.274036] RBP: ffffb7290729bc90 R08: ffff901339003980 R09: ffffffffa018970a
[ 299.274040] R10: ffffe481c211ebc0 R11: 0000000000000000 R12: ffffffffc0030000
[ 299.274044] R13: ffff9012377965e0 R14: ffffffffc0a81050 R15: ffff90132e0eca80
[ 299.274049] FS: 00007f9a842a4b80(0000) GS:ffff90133dc80000(0000) knlGS:0000000000000000
[ 299.274053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080040033
[ 299.274057] CR2: ffffffff91000018 CR3: 000000007cdb9000 CR4: 00000000000406e0
[ 299.274061] Call Trace:
[ 299.274068] do_one_initcall+0x50/0x190
[ 299.274073] ? do_init_module+0x27/0x1e6
[ 299.274077] do_init_module+0x5f/0x1e6
[ 299.274082] load_module+0x2610/0x2ab0
[ 299.274087] ? vfs_read+0x115/0x130
[ 299.274091] SYSC_finit_module+0xf6/0x110
[ 299.274095] ? SYSC_finit_module+0xf6/0x110
[ 299.274100] SyS_finit_module+0xe/0x10
[ 299.274105] entry_SYSCALL_64_fastpath+0x1a/0xa5
[ 299.274109] RIP: 0033:0x7f9a839b3bb9
[ 299.274111] RSP: 002b:00007ffd2386ee28 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
[ 299.274120] RAX: ffffffffffffffda RBX: 00007f9a83c74aa0 RCX: 00007f9a839b3bb9
[ 299.274124] RDX: 0000000000000000 RSI: 000000000041aada RDI: 0000000000000003
[ 299.274128] RBP: 00007f9a83c74af8 R08: 0000000000000000 R09: 00007f9a83c76e40
[ 299.274132] R10: 0000000000000003 R11: 0000000000000206 R12: 0000000000001020
[ 299.274136] R13: 0000000000001018 R14: 00007f9a83c74af8 R15: 0000000000000001
[ 299.274141] Code: <48> 81 7b 18 40 a8 21 a0 75 2d 48 8b 35 14 13 a5 00 48 c7 c7 35 00
[ 299.276347] RIP: init+0x23/0x1000 [hijack1] RSP: ffffb7290729bc88
[ 299.277333] CR2: ffffffff91000018
[ 299.283408] ---[ end trace 63ac9e1e3a0e12c3 ]---
[299.273838]错误:无法在FFFFFF91000018处理内核分页请求
[299.273856]IP:init+0x23/0x1000[1]
[299.273860]PGD b6a0c067
[299.273861]P4D b6a0c067
[299.273863]PUD b6a0d063
[299.273866]PMD 0
[299.273872]Oops:0000[#1]抢占SMP
[299.273877]模块链接到:1(O+)fuse rfcomm bnep nls_iso8859_1 nls_cp437 vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel pcbc aesni_intel joydev ppdev hp_wmi mousedev iTCO_wdt aes_x86_64稀疏键图iTCO供应商支持mei wdt加密SIMU SPU鼠标输入LED加密mac\u hid intel\u cstate intel_rapl\u perf uvcvideo videobuf2\u vmalloc videobuf2\u memops videobuf2\u v4l2 videobuf2\u core btusb btrtl btbcm btintel bluetooth cdc_ether ecdh\u generic usbnet videodev uas media mii hid\u generic nouveau mxm\u wmi ttm arc4 drm\u kms\u helper iwldvm syscopyarea SysFillMac80211 sysimgblt iwlwifi fb\u fopsparport\u pc parport snd\u hda\u编解码器\u hdmi i2c\u算法\u位snd\u hda\u编解码器\u idt cfg80211
[299.273953]rfkill snd_hda_codec_generic hp_accel thermal lis3lv02d wmi input_polldev tpm_infineon视频交流电池按钮snd_hda_intel snd_hda_codec_snd_hwdep snd_pcm shpchp snd_计时器e1000e snd ptp soundcore tpm_tpm_tis mei mei mei pps_core lpc_ich tpm_tis_tis_core tpm_tpm_tpm_core tpm_sch sch FQU CODEP(NetVBO OxO)pci(NetVboxO)stub DRV(O) sg ip_tables x_tables ext4 crc16 jbd2 fscrypto mbcache sr_mod sd_mod cdrom usb_存储器usbhid hid serio_raw atkbd libps2 ahci libahci libata scsi_mod xhci_pci xhci_hcd ehci_pci sdhcd sdhcd sdhci_ehci_ohci led_class火线mmc_core crc_itu usbcore usb_common i8042 serio
[299.274005]CPU:2 PID:3384通信:insmod受污染:GO 4.12.4-1-ARCH#1
[299.274009]硬件名称:惠普HP精英电子书8560w/1631,BIOS 68SVD版本F.60 03/12/2015
[299.274014]任务:ffff90127cc0c740任务。堆栈:ffffb72907298000
[299.274019]RIP:0010:init+0x23/0x1000[1]
[299.274023]RSP:0018:ffffb7290729bc88 EFLAGS:00010206
[299.274027]RAX:0000000080040033 RBX:FFFFFFFFFF91000000RCX:0000000000000000
[299.274031]RDX:0000000000 4BEC82 RSI:0000000000 4BEC82 RDI:00000000 80040033
[299.274036]RBP:ffffb7290729bc90 R08:FFFF90133903980 R09:FFFFFFFFFFA018970A
[299.274040]R10:FFFF481C211EBC0 R11:0000000000000000 R12:ffffffffc0030000
[299.274044]R13:ffff9012377965e0 R14:FFFFFFFFFFC0A81050 R15:ffff90132e0eca80
[299.274049]FS:00007f9a842a4b80(0000)GS:ffff90133dc80000(0000)KNLG:0000000000000000000000
[299.274053]CS:0010 DS:0000 ES:0000 CR0:00000000 80040033
[299.274057]CR2:FFFFFFFF 91000018 CR3:00000000 7CDB9000 CR4:00000000000406e0
[299.274061]呼叫跟踪:
[299.274068]do_one_initcall+0x50/0x190
[299.274073]?do_init_模块+0x27/0x1e6
[299.274077]do_init_模块+0x5f/0x1e6
[299.274082]加载_模块+0x2610/0x2ab0
[299.274087]?vfs_读取+0x115/0x130
[299.274091]系统限定模块+0xf6/0x110
[299.274095]?系统限定模块+0xf6/0x110
[299.274100]系统限定模块+0xe/0x10
[299.274105]条目\u系统调用\u 64\u快速路径+0x1a/0xa5
[299.274109]RIP:0033:0x7f9a839b3bb9
[299.274111]RSP:002b:00007ffd2386ee28 EFLAGS:00000206来源:0000000000000139
[299.274120]RAX:FFFFFFFFFFFFFF DA RBX:00007f9a83c74aa0 RCX:00007f9a839b3bb9
[299.274124]RDX:0000000000000000 RSI:0000000000 41AADA RDI:00000000000000000003
[299.274128]RBP:00007f9a83c74af8 R08:0000000000000000 R09:00007f9a83c76e40
[299.274132]R10:0000000000000003 R11:00000000000000206 R12:0000000000001020
[299.274136]R13:0000000000001018 R14:00007f9a83c74af8 R15:0000000000000000001
[299.274141]代码:81 7b 1
[ 299.273838] BUG: unable to handle kernel paging request at ffffffff91000018
[ 299.273856] IP: init+0x23/0x1000 [hijack1]
[ 299.273860] PGD b6a0c067
[ 299.273861] P4D b6a0c067
[ 299.273863] PUD b6a0d063
[ 299.273866] PMD 0
[ 299.273872] Oops: 0000 [#1] PREEMPT SMP
[ 299.273877] Modules linked in: hijack1(O+) fuse rfcomm bnep nls_iso8859_1 nls_cp437 vfat fat intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel pcbc aesni_intel joydev ppdev hp_wmi mousedev iTCO_wdt aes_x86_64 sparse_keymap iTCO_vendor_support mei_wdt crypto_simd psmouse glue_helper pcspkr evdev input_leds cryptd mac_hid intel_cstate intel_rapl_perf uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core btusb btrtl btbcm btintel bluetooth cdc_ether ecdh_generic usbnet videodev uas media mii hid_generic nouveau mxm_wmi ttm arc4 drm_kms_helper iwldvm drm syscopyarea sysfillrect mac80211 sysimgblt iwlwifi fb_sys_fops parport_pc parport snd_hda_codec_hdmi i2c_algo_bit snd_hda_codec_idt cfg80211
[ 299.273953] rfkill snd_hda_codec_generic hp_accel thermal lis3lv02d wmi input_polldev tpm_infineon video ac battery button snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm shpchp snd_timer e1000e snd ptp soundcore tpm_tis mei_me mei pps_core lpc_ich tpm_tis_core tpm sch_fq_codel vboxnetflt(O) vboxnetadp(O) pci_stub vboxpci(O) vboxdrv(O) sg ip_tables x_tables ext4 crc16 jbd2 fscrypto mbcache sr_mod sd_mod cdrom usb_storage usbhid hid serio_raw atkbd libps2 ahci libahci libata scsi_mod xhci_pci xhci_hcd ehci_pci sdhci_pci ehci_hcd sdhci firewire_ohci led_class firewire_core mmc_core crc_itu_t usbcore usb_common i8042 serio
[ 299.274005] CPU: 2 PID: 3384 Comm: insmod Tainted: G O 4.12.4-1-ARCH #1
[ 299.274009] Hardware name: Hewlett-Packard HP EliteBook 8560w/1631, BIOS 68SVD Ver. F.60 03/12/2015
[ 299.274014] task: ffff90127cc0c740 task.stack: ffffb72907298000
[ 299.274019] RIP: 0010:init+0x23/0x1000 [hijack1]
[ 299.274023] RSP: 0018:ffffb7290729bc88 EFLAGS: 00010206
[ 299.274027] RAX: 0000000080040033 RBX: ffffffff91000000 RCX: 0000000000000000
[ 299.274031] RDX: 00000000004bec82 RSI: 00000000004bec82 RDI: 0000000080040033
[ 299.274036] RBP: ffffb7290729bc90 R08: ffff901339003980 R09: ffffffffa018970a
[ 299.274040] R10: ffffe481c211ebc0 R11: 0000000000000000 R12: ffffffffc0030000
[ 299.274044] R13: ffff9012377965e0 R14: ffffffffc0a81050 R15: ffff90132e0eca80
[ 299.274049] FS: 00007f9a842a4b80(0000) GS:ffff90133dc80000(0000) knlGS:0000000000000000
[ 299.274053] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080040033
[ 299.274057] CR2: ffffffff91000018 CR3: 000000007cdb9000 CR4: 00000000000406e0
[ 299.274061] Call Trace:
[ 299.274068] do_one_initcall+0x50/0x190
[ 299.274073] ? do_init_module+0x27/0x1e6
[ 299.274077] do_init_module+0x5f/0x1e6
[ 299.274082] load_module+0x2610/0x2ab0
[ 299.274087] ? vfs_read+0x115/0x130
[ 299.274091] SYSC_finit_module+0xf6/0x110
[ 299.274095] ? SYSC_finit_module+0xf6/0x110
[ 299.274100] SyS_finit_module+0xe/0x10
[ 299.274105] entry_SYSCALL_64_fastpath+0x1a/0xa5
[ 299.274109] RIP: 0033:0x7f9a839b3bb9
[ 299.274111] RSP: 002b:00007ffd2386ee28 EFLAGS: 00000206 ORIG_RAX: 0000000000000139
[ 299.274120] RAX: ffffffffffffffda RBX: 00007f9a83c74aa0 RCX: 00007f9a839b3bb9
[ 299.274124] RDX: 0000000000000000 RSI: 000000000041aada RDI: 0000000000000003
[ 299.274128] RBP: 00007f9a83c74af8 R08: 0000000000000000 R09: 00007f9a83c76e40
[ 299.274132] R10: 0000000000000003 R11: 0000000000000206 R12: 0000000000001020
[ 299.274136] R13: 0000000000001018 R14: 00007f9a83c74af8 R15: 0000000000000001
[ 299.274141] Code: <48> 81 7b 18 40 a8 21 a0 75 2d 48 8b 35 14 13 a5 00 48 c7 c7 35 00
[ 299.276347] RIP: init+0x23/0x1000 [hijack1] RSP: ffffb7290729bc88
[ 299.277333] CR2: ffffffff91000018
[ 299.283408] ---[ end trace 63ac9e1e3a0e12c3 ]---