Simple system call checking LKM
z*w
This LKM is designed to catch the "evil" LKMs that modify the system
calls. The idea is to write down the original system call address. After
some evil LKM is installed, some system call address would be changed. So by
comparing the original address and current address, we can catch such
attacks.
It would detect those that modify kernel memory, system call functions'
memory, for example; and those attacks that don't modify system calls.
Here is the code:
/*
* Compile:
* gcc -O2 -c get_sys_c
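The record-then-compare idea described above, as an added user-space illustration; it is not the post's LKM, whose source is cut off on this page. The table, the handler functions and the slot count are constructed stand-ins, not real kernel symbols.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NR_SLOTS 4              /* constructed table size, not NR_syscalls */
typedef long (*handler_t)(void);

/* Constructed stand-ins for system call handlers. */
static long h_read(void)  { return 0; }
static long h_write(void) { return 1; }
static long h_open(void)  { return 2; }
static long h_close(void) { return 3; }
static long h_other(void) { return -1; }  /* plays the replaced handler */

static handler_t table[NR_SLOTS] = { h_read, h_write, h_open, h_close };
static handler_t baseline[NR_SLOTS];

/* Record the known-good addresses. This has to happen while the table
 * is still trusted, i.e. before any untrusted module is loaded. */
void take_baseline(void) { memcpy(baseline, table, sizeof(table)); }

/* Compare every slot with the baseline. Stores up to max changed slot
 * numbers in changed[] and returns how many slots differ in total. */
size_t check_table(size_t *changed, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i < NR_SLOTS; i++) {
        if (table[i] != baseline[i]) {
            if (n < max)
                changed[n] = i;
            n++;
        }
    }
    return n;
}

/* Constructed scenario: slot 2 is repointed after the baseline is taken. */
size_t demo(size_t *changed, size_t max)
{
    take_baseline();
    table[2] = h_other;
    return check_table(changed, max);
}

int main(void)
{
    size_t idx[NR_SLOTS];
    size_t n = demo(idx, NR_SLOTS);
    for (size_t i = 0; i < n; i++)
        printf("slot %zu no longer matches the baseline\n", idx[i]);
    return n ? 1 : 0;
}
```

The result is only as trustworthy as the baseline: a table that was already altered when the snapshot was taken compares as clean.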