Yesterday I wanted to test SOS. But due to "some" problem I was not able to set up the test environment.
This led me to write a kernel module that hijacks a system call. This was easy in the 2.4 kernel because sys_call_table was exported. But in the 2.6 kernel, they are not exporting the table. Finally, I came up with a (rather good) idea. I used my recent knowledge of cryptanalysis and found the location of sys_call_table in memory. The thing is, in sys_call_table there are multiple entries for "sys_ni_syscall". So if you search for that pattern, you will get some idea about the sys_call_table location.
This is very similar to frequency analysis. I was on cloud #9 when I thought of this. :)
Tonight I will test SOS! :)
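
The pattern search described above, sketched as an added user-space example (not the author's module): a sliding window counts how often one known pointer value repeats and reports the densest region of a constructed word array. `FILLER` stands in for the address of sys_ni_syscall, and the window size, threshold and image layout are assumptions chosen for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WINDOW    64    /* words per sliding window (assumed) */
#define MIN_HITS  8     /* fewer repeats than this is treated as noise (assumed) */
#define FILLER    ((uintptr_t)0xC0DE0001u)  /* stand-in for &sys_ni_syscall */
#define IMG_WORDS 4096
#define TABLE_AT  1000  /* where the constructed table sits in the image */
#define TABLE_LEN 256

/* Slide a WINDOW-word window over mem and return the start index of the
 * window holding the most copies of filler, or -1 if none reaches MIN_HITS. */
long find_dense_window(const uintptr_t *mem, size_t n, uintptr_t filler, size_t *hits_out)
{
    size_t hits = 0, best = 0;
    long best_at = -1;
    for (size_t i = 0; i < n; i++) {
        hits += (mem[i] == filler);
        if (i >= WINDOW)
            hits -= (mem[i - WINDOW] == filler);   /* word leaving the window */
        if (i + 1 >= WINDOW && hits > best) {
            best = hits;
            best_at = (long)(i + 1 - WINDOW);
        }
    }
    if (hits_out) *hits_out = best;
    return best >= MIN_HITS ? best_at : -1;
}

/* Constructed image: unique even words, two stray fillers, optional table. */
void build_image(uintptr_t *mem, int with_table)
{
    for (size_t i = 0; i < IMG_WORDS; i++)
        mem[i] = 0x1000 + i * 16;
    mem[50] = mem[3000] = FILLER;                  /* isolated noise hits */
    if (!with_table) return;
    for (size_t j = 0; j < TABLE_LEN; j++)         /* sparse slots plus unused tail */
        mem[TABLE_AT + j] = (j % 16 == 7 || j >= 200) ? FILLER : 0x800000 + j * 32;
}

int main(void)
{
    static uintptr_t mem[IMG_WORDS];
    size_t hits = 0;
    build_image(mem, 1);
    long at = find_dense_window(mem, IMG_WORDS, FILLER, &hits);
    printf("densest window starts at word %ld (%zu filler entries)\n", at, hits);
    return 0;
}
```

The reported index falls inside the table rather than at its first entry, which matches the post's "some idea about the location"; the two stray filler words never reach the threshold on their own.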