Hi my friends
How can I hook interrupt 0x80 and sysenter via assembly code so that I can read the CPU registers before the interrupt executes?
Please help me, and if it's possible for you, send me some appropriate assembly code. Sincerely.
Thanks, my friend,
but I think it's possible, but I don't know how?
For example, by writing a module and replacing its address with int 0x80: when the system tries to execute this interrupt, it first executes my module and after this handles the interrupt. Isn't it?
I need some assembly code that does this.
Please guide me.
I do not really want to point you to certain sites as they may be deemed to be malicious and somewhat dubious; however, you may find valid information by searching for "system call hijacking", "IDT", "rootkit" and other related terms. What you are trying to do is a common approach for hackers and rootkit authors to try and gain privileged access to certain parts of a system. You may find out a lot by looking at the kernel source to see how the kernel initializes the IDT on boot up. Look at linux/arch/i386/{traps,head}.c in the kernel sources, amongst others.
As you can see, this may be seen as being against forum rules, and I trust the moderators will see that I am trying to be diplomatic and helpful here. Such topics should be of interest to anyone involved in Linux security and OS internals. This is not really a simple subject and you are best doing more research into this.
That vector is set up at boot time. If you want to hook it, you either have to compile your own kernel or write a plugin driver module that will do what you want to do, then invoke that driver module from a userspace program that presumably is running as root. You then could change the vector table.
All the documentation is available; it shouldn't be too tough to do.
And, yes. This is a technique that a cracker would use. But there are also legitimate uses for it.
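The legitimate use case the reply above alludes to, seeing the registers a process hands to the kernel before the call actually runs, does not require touching the interrupt vector at all. Linux exposes exactly that snapshot to a tracer through ptrace(2), which is how strace works, and it needs neither a kernel module nor root for processes you are already allowed to trace (here, a child the tracer forks itself). The block below is an added example written for this thread, not code from any poster; it assumes x86 Linux with glibc, uses the `PTRACE_O_TRACESYSGOOD` option to tell syscall stops apart from ordinary SIGTRAPs, and records the syscall number at the entry stop and the kernel's result at the exit stop.

```c
/* Observe a child's system calls with ptrace(2): the tracer is stopped at
 * every syscall entry and exit and can read the child's registers exactly
 * as the kernel is about to consume them. Added example for this thread,
 * not code from any poster. Linux x86 / x86-64 only. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* The syscall number and return value live in differently named fields on
 * the two x86 ABIs; map them once. orig_eax/orig_rax keeps the number even
 * after the kernel overwrites eax/rax with the result. */
#if defined(__x86_64__)
#  define SYS_NR(r)  ((long)(r).orig_rax)
#  define SYS_RET(r) ((long)(r).rax)
#elif defined(__i386__)
#  define SYS_NR(r)  ((long)(r).orig_eax)
#  define SYS_RET(r) ((long)(r).eax)
#else
#  error "this example only handles x86 register layouts"
#endif

struct syscall_record {
    long  nr;     /* syscall number read at the entry stop */
    long  ret;    /* return register read at the exit stop */
    pid_t child;  /* pid of the tracee, to check what getpid() returned */
};

/* Fork a child that performs one getpid(), trace it, and record the
 * registers at that call's entry and exit. Returns how many getpid entry
 * stops were observed, or -1 on error. */
long trace_child_getpid(struct syscall_record *out)
{
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        /* Tracee: volunteer for tracing, stop so the parent can set options,
         * then issue the one syscall we want to watch. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
            _exit(127);
        raise(SIGSTOP);
        (void)syscall(SYS_getpid);  /* direct syscall, no libc caching involved */
        _exit(0);
    }

    int status;
    if (waitpid(child, &status, 0) == -1 || !WIFSTOPPED(status))
        return -1;
    /* Bit 7 of the stop signal marks syscall stops (SIGTRAP | 0x80). */
    if (ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)PTRACE_O_TRACESYSGOOD) == -1)
        return -1;

    long seen = 0;
    int in_syscall = 0;  /* syscall stops alternate: entry, exit, entry, ... */
    out->nr = -1;
    out->ret = 0;
    out->child = child;

    for (;;) {
        /* Run until the next syscall boundary; signal 0 suppresses the pending SIGSTOP. */
        if (ptrace(PTRACE_SYSCALL, child, NULL, NULL) == -1)
            return -1;
        if (waitpid(child, &status, 0) == -1)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80))
            continue;  /* an ordinary signal-delivery stop; just resume */

        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, child, NULL, &regs) == -1)
            return -1;
        in_syscall = !in_syscall;
        if (in_syscall) {
            /* Entry stop: the kernel has not executed the call yet, so these
             * are the registers it is about to act on. */
            if (SYS_NR(regs) == SYS_getpid) {
                out->nr = SYS_NR(regs);
                seen++;
            }
        } else if (SYS_NR(regs) == SYS_getpid) {
            out->ret = SYS_RET(regs);  /* exit stop: the kernel's result */
        }
    }
    return seen;
}

int main(void)
{
    struct syscall_record rec;
    long n = trace_child_getpid(&rec);
    if (n < 0) {
        perror("trace");
        return 1;
    }
    printf("getpid entries seen: %ld, nr=%ld, returned %ld (child pid %ld)\n",
           n, rec.nr, rec.ret, (long)rec.child);
    return 0;
}
```

Whether the tracee entered the kernel through `int 0x80`, `sysenter` or `syscall`, the stop is raised from the common syscall path, so the tracer sees the same register snapshot either way. If you need to see every process on the machine rather than ones you can attach to, that is kernel territory again, and the earlier reply's caveats about modules and the IDT apply.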