I am trying to set the sys exit call to a variable by
extern void *sys_call_table[]; real_sys_exit = sys_call_table[__NR_exit] however, when I try to make, the console gives me the error
error: ‘__NR_exit’ undeclared (first use in this function) Any tips would be appreciated :) Thank you
Since you are in kernel 2.6.x , sys_call_table isnt exported any more. If you want to avoid the compilation error try this include
#include<linux/unistd.h> however, It will not work. So the work around to "play" with the sys_call_table is to find the address of sys_call_table in SystemXXXX.map (located at /boot) with this command:
grep sys_call System.map-2.6.X -i this will give the addres, then this code should allow you to modify the table:
unsigned long *sys_call_table; sys_call_table = (unsigned long *) simple_strtoul("0xc0318500",NULL,16); original_mkdir = sys_call_table[__NR_mkdir]; sys_call_table[__NR_mkdir] = mkdir_modificado; Hope it works for you, I have just tested it under kernel 2.6.24, so should work for 2.6.18
also check here, Its a very good http://commons.oreilly.com/wiki/index.php/Network_Security_Tools/Modifying_and_Hacking_Security_Tools/Fun_with_Linux_Kernel_Modules
strtoul on a static value? Why not just use a literal 0xc0318500? Also, this will fail on a relocatable kernel.If you haven't included the file syscall.h, you should do that ahead of the reference to __NR_exit. For example,
#include <syscall.h> #include <stdio.h> int main() { printf("%d\n", __NR_exit); return 0; } which returns:
$ cc t.c $ ./a.out 60 Some other observations:
If you've already included the file, the usual reasons __NR_exit wouldn't be defined are that the definition was being ignored due to conditional compilation (#ifdef or #ifndef at work somewhere) or because it's being removed elsewhere through a #undef.
If you're writing the code for kernel space, you have a completely different set of headers to use. LXR (http://lxr.linux.no/linux) searchable, browsable archive of the kernel source is a helpful resource.
