Yesterday I wanted to test SOS. But due to "some" problem I was not able to set up the test environment.
This led me to write some kernel module that hijacks some system call. This was easy in the 2.4 kernel because sys_call_table was exported. But in the 2.6 kernel, they are not exporting the table. Finally, I came up with a (rather good) idea. I used my recent knowledge of cryptanalysis and found the location of sys_call_table in memory. The thing is, in sys_call_table there are multiple entries for "sys_ni_syscall". So if you search for that pattern, you will get some idea about the sys_call_table location.
This is very similar to frequency analysis. I was on cloud #9 when I thought of this. :)
Tonight I will test SOS! :)
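
The repeated-entry heuristic described above, as an added example that is not code from the original post: a user-space C program slides a window over a constructed buffer of pointer-sized words and reports the window in which a single value repeats most often. The buffer contents, the stand-in address `NI`, the slot positions and the window size are all constructed for illustration; nothing here reads kernel memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define WORDS   512   /* size of the constructed buffer, in pointer-sized words */
#define WINDOW  64    /* assumed scan window, in table slots */
#define TABLE   200   /* index where the sample table is planted (constructed) */
#define NI      ((uintptr_t)0xc012d000u)  /* stand-in for sys_ni_syscall (constructed) */
static const size_t ni_slots[] = {17, 31, 32, 35, 44, 53, 56, 58};  /* constructed */
#define NI_COUNT (sizeof ni_slots / sizeof ni_slots[0])

/* Fill mem with distinct words, then plant NI in chosen slots of a table at TABLE. */
void build_sample(uintptr_t *mem) {
    for (size_t i = 0; i < WORDS; i++)
        mem[i] = (uintptr_t)0xc0100000u + i * 0x40;   /* every word is unique */
    for (size_t k = 0; k < NI_COUNT; k++)
        mem[TABLE + ni_slots[k]] = NI;
}

/* Highest number of times any one value occurs in w[0..n); that value goes to *val. */
static size_t top_repeat(const uintptr_t *w, size_t n, uintptr_t *val) {
    size_t best = 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = 0;
        for (size_t j = 0; j < n; j++)
            c += (w[j] == w[i]);
        if (c > best) { best = c; *val = w[i]; }
    }
    return best;
}

/* Slide the window over mem; return the first start index with the most repeats. */
size_t find_candidate(const uintptr_t *mem, size_t words, uintptr_t *val, size_t *count) {
    size_t best_start = 0;
    *count = 0;
    for (size_t s = 0; s + WINDOW <= words; s++) {
        uintptr_t v = 0;
        size_t c = top_repeat(mem + s, WINDOW, &v);
        if (c > *count) { *count = c; *val = v; best_start = s; }
    }
    return best_start;
}

int main(void) {
    static uintptr_t mem[WORDS];
    uintptr_t val = 0; size_t count = 0;
    build_sample(mem);
    size_t s = find_candidate(mem, WORDS, &val, &count);
    printf("window at word %zu: value %#lx repeats %zu times\n", s, (unsigned long)val, count);
    return 0;
}
```

The result is a window that overlaps the planted table rather than its exact first slot, which matches the post's "some idea" about the location.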