Wie kann ich die ausführbare Datei in sys_execve() ändern?
by Anonymous » 12 Mar 2025, 12:18
Ich versuche, in sys_execve() "/usr/bin/echo" durch "/usr/bin/ls" zu ersetzen; der geänderte Code ist der folgende.
/*
 * Patched execve syscall entry.
 *
 * If the user-supplied path compares equal to "/usr/bin/echo", the syscall
 * executes "/usr/bin/ls" instead, passing kernel-side copies of the caller's
 * argv/envp; every other path takes the unmodified do_execve() route.
 *
 * filename, argv, envp: user-space pointers, as for the stock syscall.
 * Returns 0 on a successful exec, otherwise a negative errno (from
 * strndup_user(), kernel_execve() or do_execve()).
 */
SYSCALL_DEFINE3(execve,
		const char __user *, filename,
		const char __user *const __user *, argv,
		const char __user *const __user *, envp)
{
	const char *kernel_filename;

	/* Bounded copy of the path from user space; ERR_PTR on failure. */
	kernel_filename = strndup_user(filename, PATH_MAX);
	if (IS_ERR(kernel_filename)) {
		return PTR_ERR(kernel_filename);
	}
	if (strcmp(kernel_filename, "/usr/bin/echo") == 0) {
		/* Every substitution is recorded in the kernel log (dmesg / console). */
		printk(KERN_INFO "Modifying from %s to /usr/bin/ls\n", kernel_filename);
		const char * const* k_argv;
		const char * const* k_envp;
		int argc = 0;
		int envc = 0;
		/*
		 * copy_exec_args() is not shown here and its result is ignored.
		 * k_argv/k_envp start out uninitialized, so if the helper fails
		 * without touching its out-parameters the kfree() loops below
		 * operate on garbage pointers -- TODO check its return value and
		 * initialize k_argv/k_envp to NULL.
		 */
		copy_exec_args(argv, envp, &k_argv, &k_envp, &argc, &envc);
		/*
		 * NOTE(review): kernel_execve() takes kernel-space argv/envp,
		 * hence the copies above. Whether it is appropriate to call it
		 * from an ordinary user task depends on the kernel version in
		 * use -- confirm against fs/exec.c of the tree being patched.
		 * Also: if /usr/bin/echo and /usr/bin/ls are both links to one
		 * multi-call binary (e.g. busybox in an initramfs), the applet
		 * is chosen from argv[0], which is still the original path here;
		 * that would explain "hello" still being printed after the
		 * substitution was logged -- verify on the test image.
		 */
		int res = kernel_execve("/usr/bin/ls", k_argv, k_envp);
		kfree(kernel_filename);
		/* Release the kernel-side argv/envp copies (strings first, then the arrays). */
		if (k_argv) {
			for (int i = 0; i < argc; i++)
				kfree(k_argv[i]);
			kfree(k_argv);
		}
		if (k_envp) {
			for (int i = 0; i < envc; i++)
				kfree(k_envp[i]);
			kfree(k_envp);
		}
		return res;
	}
	kfree(kernel_filename);
	/*
	 * Unmodified path. Note that getname() fetches the path from user
	 * memory a second time: the string compared above and the string
	 * actually executed are separate copies, so another thread writing
	 * to the buffer in between can make them differ (double fetch).
	 * The stock syscall fetches the name only once.
	 */
	return do_execve(getname(filename), argv, envp);
}
Führen Sie QEMU aus:
# Boot the freshly built bzImage with ram.img as initramfs and the qcow2 image
# attached as the root disk (root=/dev/sda rw). -nographic together with
# console=ttyS0 routes the kernel console to the terminal, which is why the
# printk() lines show up inline in the transcript below.
qemu-system-x86_64 \
-kernel ./linux/arch/x86_64/boot/bzImage \
-initrd ./ram.img \
-drive file=vm-disk.qcow2,format=qcow2 \
-m 2G \
-append "root=/dev/sda rw console=ttyS0" \
-nographic
Test des Befehls /usr/bin/echo:
(initramfs) /usr/bin/echo hello
[ 195.914196] Modifying from /usr/bin/echo to /usr/bin/ls
[ 195.915116] kernel_execve: /usr/bin/ls
[ 195.915931] /usr/bin/ls
[ 195.916546] /usr/bin/ls
hello
Aber wenn ich den Kernel baue und in QEMU teste, wird immer noch "/usr/bin/echo" anstelle von "/usr/bin/ls" ausgeführt.