When modifying the int 80 interrupt vector I ran into some questions
I want to modify the int 80 interrupt vector and I have written C code for it. The code compiles successfully, but after I insmod it the machine is dead until I reboot it.
In the code I want to intercept the system call and get all the system call arguments. The code is only a sample. I hope you can give me any good suggestions.
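/*
 * Build flags. Kbuild normally passes -DMODULE and -D__KERNEL__ on the
 * command line; they are guarded with #ifndef here so a hand-written build
 * still works and a kbuild build does not get a "redefined" diagnostic.
 * The kernel headers test __KERNEL__, not KERNEL, so the old `#define KERNEL`
 * had no effect. GFP_KERNEL and NULL are deliberately NOT redefined:
 * <linux/slab.h> and the kernel's <linux/stddef.h> already define them, a
 * conflicting #define triggers a redefinition diagnostic, and the header's
 * value wins in any case, so the old `0` definitions were dead at best and
 * misleading at worst (the real GFP_KERNEL is not 0).
 */
#ifndef MODULE
#define MODULE
#endif
#ifndef __KERNEL__
#define __KERNEL__
#endif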
#include <linux/module.h>
#include <linux/tty.h>
#include <linux/init.h>
#include <linux/slab.h>
/*
 * Original int 0x80 gate target (the descriptor's 32-bit offset). It is
 * saved by init_module() before the gate is redirected and written back by
 * cleanup_module(). Zero until init_module() has run.
 */
unsigned long old_stub = 0;

/*
 * Interrupt-entry stub. This is an assembler label emitted from stub_kad(),
 * never called from C; the prototype exists only so its address can be
 * taken when the gate is rewritten.
 */
void my_stub(void);
/*
 * One 32-bit (i386) IDT gate descriptor, 8 bytes, in the memory image the
 * CPU uses: the handler offset is split between the first and last 16-bit
 * words. All members are naturally aligned, so the 8-byte layout is
 * obtained without a packing attribute. This is the i386 format only; the
 * 64-bit IDT uses 16-byte entries with a different layout.
 */
struct descriptor_idt {
	unsigned short offset_low;   /* handler offset, bits 0..15  */
	unsigned short seg_selector; /* code segment selector        */
	unsigned char  reserved;     /* not touched by this module   */
	unsigned char  flag;         /* gate type / DPL / present    */
	unsigned short offset_high;  /* handler offset, bits 16..31 */
};
/*
 * Destination for the SIDT instruction: a 16-bit table limit immediately
 * followed by the linear base address. The struct is packed because that
 * is the byte image SIDT stores (no padding between the two fields).
 * Filled in by init_module() and cleanup_module() just before they index
 * the table. `unsigned long base` matches the 32-bit image on i386; on
 * other targets the width of unsigned long decides whether it still fits —
 * TODO confirm before building elsewhere.
 */
struct idtr_image {
	unsigned short limit;
	unsigned long  base;
} __attribute__((packed));

struct idtr_image idtr;
/*
 * Container for the interrupt-entry stub. stub_kad() itself is never
 * called; it exists only so the inline asm below is emitted into the text
 * section. The asm defines the global label `my_stub`, whose address
 * init_module() installs as the int 0x80 gate target.
 *
 * Control flow at the label: call the C function my_handler(), then jump
 * through the saved original gate target (old_stub) so the kernel's own
 * system call entry runs afterwards.
 *
 * NOTE(review): nothing here preserves the general-purpose registers
 * across the call. my_handler() is ordinary C compiled under the normal
 * ABI, which treats eax/ecx/edx as scratch, while on int 0x80 those
 * registers carry the system call number and arguments. The original
 * entry reached via `jmp *old_stub` therefore most likely runs with
 * corrupted inputs on every system call — a plausible cause of the lockup
 * right after insmod. Placing the asm inside a C function body also gives
 * no guarantee about where it lands relative to the compiler-generated
 * prologue/epilogue; file-scope asm is the usual form for a standalone
 * label.
 */
void stub_kad(void)
{
__asm__ (
".globl my_stub \n"
".align 4,0x90 \n"
"my_stub: \n"
"call my_handler \n"
"jmp *old_stub"
::
);
}
//"call my_handler \n"
/*
 * Called from my_stub on every int 0x80. Intended to capture the system
 * call number and first two arguments (eax, ebx, ecx) into a small heap
 * buffer and print them.
 *
 * NOTE(review): the order of operations defeats that intent. printk() and
 * kmalloc() run *before* the registers are read, and both are ordinary C
 * calls free to use eax/ecx (and whatever else the compiler allocates), so
 * the inline asm observes post-call values, not the ones present at
 * interrupt entry. The asm reads eax/ebx/ecx without declaring them as
 * inputs, so the compiler does not know to keep them intact; the "=m"
 * operands in particular force it to form the address of *argu in some
 * register first, which can itself be one of eax/ebx/ecx. Further: the
 * 12-byte kmalloc() is never freed (one leak per system call), and the
 * printk dereferences `char` pointers, so only the low byte of each saved
 * value is printed. kmalloc(GFP_KERNEL) may sleep; whether that is safe at
 * this point of the entry path depends on the kernel version — TODO
 * confirm. Left byte-identical because any restyle would change the
 * register allocation this code implicitly depends on.
 */
void my_handler()
{
printk("print register");
char *argu=(char *)kmalloc(12,GFP_KERNEL);
__asm__ __volatile__( "movl %%eax,%0 \n\t"
"movl %%ebx,%1 \n\t"
"movl %%ecx,%2 "
:"=m"(*((long*)(argu))),
"=m"(*(1+(long *)(argu))),
"=m"(*(2+(long *)(argu))) );
printk("<1>%d, %d, %d",*argu,*(argu+4),*(argu+8));
}
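/*
 * Module entry: locate the int 0x80 gate in the live IDT, remember its
 * current handler offset in old_stub, and point the gate at my_stub.
 *
 * Returns 0 on success.
 *
 * The original body ended in a bare `return ;` inside an `int` function.
 * That is undefined behavior; in practice the caller receives whatever the
 * preceding call left in eax (printk's return value), so insmod can treat
 * the load as failed and unload the module while the IDT still points into
 * its now-released text. Every later int 0x80 then jumps into freed memory
 * — a very plausible reason the machine dies immediately after insmod.
 *
 * Other fixes: the descriptor offset is assembled after an explicit
 * unsigned long cast (left-shifting a short >= 0x8000 by 16 as int is
 * undefined), and the printk format specifiers now match the unsigned long
 * arguments (%lx instead of %x).
 *
 * Still i386-only: it assumes 8-byte gate descriptors at idtr.base.
 * NOTE(review): the two 16-bit halves of the gate are written by two
 * separate stores, so a system call arriving on another CPU between them
 * sees a half-updated target; the update is not atomic. Tools that verify
 * IDT integrity will also report an entry resolving into module memory
 * rather than kernel text.
 */
int init_module(void)
{
	printk("start get_addr_idt");
	__asm__ volatile ("sidt %0": "=m" (idtr));
	printk("the idt address is %lx\n", idtr.base);

	/* i386 layout: 8 bytes per gate, so vector 0x80 sits at base + 8*0x80. */
	struct descriptor_idt *idte = (struct descriptor_idt *)(idtr.base + 8 * 0x80);
	old_stub = ((unsigned long)idte->offset_high << 16) | idte->offset_low;
	printk("<1>oldstub=%lx\n", old_stub);

	unsigned long new_addr = (unsigned long)my_stub;
	idte->offset_high = (unsigned short)(new_addr >> 16);
	idte->offset_low = (unsigned short)(new_addr & 0x0000FFFF);
	printk("<1>newstub=%lx\n",
	       ((unsigned long)idte->offset_high << 16) | idte->offset_low);
	return 0;
}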
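/*
 * Module exit: re-read the IDT base and write the saved original offset
 * back into the int 0x80 gate, so the kernel's own entry is used again
 * once the module text is gone.
 *
 * Fixes relative to the original: explicit unsigned long cast before the
 * shift in the printk (left-shifting a short >= 0x8000 by 16 as int is
 * undefined) and %lx for the unsigned long argument. As in init_module(),
 * the two 16-bit stores are not atomic with respect to system calls on
 * other CPUs, and the 8-byte descriptor layout is an i386-only assumption.
 */
void cleanup_module(void)
{
	printk("destroy...b..\n");
	__asm__ volatile ("sidt %0": "=m" (idtr));
	struct descriptor_idt *idte = (struct descriptor_idt *)(idtr.base + 8 * 0x80);
	idte->offset_high = (unsigned short)(old_stub >> 16);
	idte->offset_low = (unsigned short)(old_stub & 0x0000FFFF);
	printk("<1>restore the stub=%lx\n",
	       ((unsigned long)idte->offset_high << 16) | idte->offset_low);
}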
MODULE_LICENSE("GPL"); /* license tag read by the module loader */