Linux 输入的完整asm代码(int3)
目前,我想在Linux-3.13.1内核中挂接x86-32 int3处理程序 首先,我检查条目_32.S中的asm代码 我发现相关代码如下:Linux 输入的完整asm代码(int3),linux,kernel,Linux,Kernel,目前,我想在Linux-3.13.1内核中挂接x86-32 int3处理程序 首先,我检查条目_32.S中的asm代码 我发现相关代码如下: ENTRY(int3) RING0_INT_FRAME ASM_CLAC pushl_cfi $-1 # mark this as an int SAVE_ALL TRACE_IRQS_OFF xorl %edx,%edx # zero error code movl %
ENTRY(int3)
RING0_INT_FRAME
ASM_CLAC
pushl_cfi $-1 # mark this as an int
SAVE_ALL
TRACE_IRQS_OFF
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_int3
jmp ret_from_exception
CFI_ENDPROC
END(int3)
#define SAVE_ALL \
"pushl %%eax\n\t" \
"pushl %%ebp\n\t" \
"pushl %%edi\n\t" \
"pushl %%esi\n\t" \
"pushl %%edx\n\t" \
"pushl %%ecx\n\t" \
"pushl %%ebx\n\t" \
//get the addr from the system.map
unsigned long ret_from_exception=0xc1642fc0;
unsigned long do_int3=0xc1643c70;
__asm__ (
...
"go_here: \n\t"
"pushl $-1 \n\t"
SAVE_ALL
"xorl %%edx,%%edx \n\t"
"movl %%esp,%%eax \n\t"
"call *do_int3 \n\t"
"jmp *ret_from_exception \n\t"
:: );
}
然后,我编写一个内核模块来钩住这个条目(int3),如下所示:
ENTRY(int3)
RING0_INT_FRAME
ASM_CLAC
pushl_cfi $-1 # mark this as an int
SAVE_ALL
TRACE_IRQS_OFF
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_int3
jmp ret_from_exception
CFI_ENDPROC
END(int3)
#define SAVE_ALL \
"pushl %%eax\n\t" \
"pushl %%ebp\n\t" \
"pushl %%edi\n\t" \
"pushl %%esi\n\t" \
"pushl %%edx\n\t" \
"pushl %%ecx\n\t" \
"pushl %%ebx\n\t" \
//get the addr from the system.map
unsigned long ret_from_exception=0xc1642fc0;
unsigned long do_int3=0xc1643c70;
__asm__ (
...
"go_here: \n\t"
"pushl $-1 \n\t"
SAVE_ALL
"xorl %%edx,%%edx \n\t"
"movl %%esp,%%eax \n\t"
"call *do_int3 \n\t"
"jmp *ret_from_exception \n\t"
:: );
}
不幸的是,内核模块无法工作
[ 5359.750705] task: e9095a90 ti: e809a000 task.ti: e809a000
[ 5359.750709] EIP: 0060:[<c1645686>] EFLAGS: 00010046 CPU: 0
[ 5359.750717] EIP is at kprobe_exceptions_notify+0xf6/0x460
[ 5359.750720] EAX: 00000000 EBX: 0000007b ECX: 00000000 EDX: 0000007a
[ 5359.750723] ESI: e809bfc4 EDI: c1a4f100 EBP: e809bf58 ESP: e809bf30
[ 5359.750726] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[ 5359.750729] CR0: 8004003b CR2: b76806c0 CR3: 2a944000 CR4: 000007f0
[ 5359.750731] Stack:
[ 5359.750733] 00000000 ea0880b6 000004df c1a54400 0000007a c1a54400 f7b84400 c1909a88
[ 5359.750741] 00000000 c190c328 e809bf74 c1646be5 e809bf8c 00000002 e809bfc4 00000000
[ 5359.750748] 00000000 e809bf84 c1646c52 fffffffe 00000000 e809bfa0 c1646c8d e809bfc4
[ 5359.750755] Call Trace:
[ 5359.750763] [<c1646be5>] notifier_call_chain+0x45/0x60
[ 5359.750768] [<c1646c52>] atomic_notifier_call_chain+0x22/0x30
[ 5359.750773] [<c1646c8d>] notify_die+0x2d/0x30
[ 5359.750777] [<c1643cf4>] do_int3+0x84/0x100
[5359.750705]任务:e9095a90 ti:e809a000任务。ti:e809a000
[5359.750709]EIP:0060:[]EFLAGS:00010046 CPU:0
[5359.750717]EIP位于kprobe\u异常通知+0xf6/0x460
[5359.750720]EAX:00000000 EBX:0000007b ECX:00000000 EDX:0000007a
[5359.750723]ESI:e809bfc4 EDI:c1a4f100 EBP:e809bf58 ESP:e809bf30
[5359.750726]DS:007b ES:007b FS:0000 GS:00e0 SS:0068
[5359.750729]CR0:8004003b CR2:b76806c0 CR3:2a944000 CR4:000007f0
[5359.750731]堆栈:
[5359.750733]00000000 ea0880b6 00000 4DF C1A5440000000 7A c1a54400 f7b84400 c1909a88
[5359.750741]00000000 c190c328 e809bf74 c1646be5 e809bf8c 0000000 2 e809bfc4 00000000
[5359.750748]00000000 e809bf84 c1646c52 FFFFFFF E 00000000 e809bfa0 c1646c8d e809bfc4
[5359.750755]呼叫跟踪:
[5359.750763][]通知程序调用链+0x45/0x60
[5359.750768][]原子通知程序调用链+0x22/0x30
[5359.750773][]通知模具+0x2d/0x30
[5359.750777][]do_int3+0x84/0x100
我认为条目(int3)asm传输可能不正确
如何将宏环0\u INT\u FRAM ASM\u CLAC传输到ASM代码