如何访问内核模块中的任何内核符号? [英] How do I access any kernel symbol in a kernel module?
问题描述
我想在内核模块中使用功能getname
.它不会导出.由于我现在遇到了这个问题,所以我想知道如何访问和使用任何未导出的内核符号.我认为使用一个符号所必需的步骤会有所不同,具体取决于符号是什么,因此我想了解如何对类型(例如,结构),变量,指针表(例如系统)完成操作调用表)和一个函数.在以下两种情况下如何完成这些操作:
I am wanting to use the function getname
in my kernel module. It is not exported. Since I am running into this problem right now, I would like to know how to access and use any kernel symbol that is not exported. I figure that the steps necessary to use one will differ depending what the symbol is, so I'd like to see how it would be done for a type (e.g., a struct), a variable, a table of pointers (like the system call table), and a function. How can these be done in either of these cases:
- 当我从
System.map
或/proc/kallsyms
知道符号的地址时. - 当我知道符号的名称并想要使用
kallsyms_lookup_name
进行检索时.
- When I know the address of the symbol from
System.map
or/proc/kallsyms
. - When I know the name of the symbol and want to use
kallsyms_lookup_name
in retrieving it.
我目前知道如何劫持系统调用,这需要声明类似内容
I currently know how to hijack system calls and this requires declaring something like
asmlinkage <return_type> (*<name_for_system_call>)(<the types of the its arguments separated by commas>);
会使用类似的东西吗?在http://stackoverflow.com/a/32968387/1953537回答另一个问题时,张贴者提供的示例是
Would something like that be used? In http://stackoverflow.com/a/32968387/1953537 answer to another question, the example presented by the poster is
#include <linux/kallsyms.h>
static void (*machine_power_off_p)(void);
machine_power_off = (void*) kallsyms_lookup_name("machine_power_off");
但是如果该符号返回一个指针怎么办?我可以在(*machine_power_off_p)
的左侧放置一个星号吗?
But what if the symbol returns a pointer? Would I place an asterisk to the left of (*machine_power_off_p)
?
推荐答案
#include <linux/fs.h>
声明extern struct filename *getname(const char __user *);
.指向此函数的指针的类型为struct filename *(*)(const char __user *)
.如果声明该类型的变量,则变量名称在(*)
中的*
之后.因此,您可以声明该类型的变量,并为它分配kallsyms_lookup_name("getname")
的返回值,如下所示:
#include <linux/fs.h>
declares extern struct filename *getname(const char __user *);
. A pointer to this function has type struct filename *(*)(const char __user *)
. If declaring a variable of that type, the variable name goes after the *
in (*)
. So you can declare a variable of that type and assign the return value of kallsyms_lookup_name("getname")
to it as follows:
static struct filename *(*getname_p)(const char __user *);
getname_p = (struct filename *(*)(const char __user *))
kallsyms_lookup_name("getname");
对于要使用数字地址的其他情况,只需将kallsyms_lookup_name
函数调用替换为实际数字即可(kallsyms_lookup_name
仍将符号值作为数字返回).
For your other case where you want to use a numeric address, just replace the kallsyms_lookup_name
function call with the actual number (kallsyms_lookup_name
returns the symbol value as a number anyway).
这篇关于如何访问内核模块中的任何内核符号?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!