Simple system call checking LKM # Security - System Security
z*w
Post #1
This LKM is designed to catch the "evil" LKMs that modify the system
calls. The idea is to write down the original system call addresses. After
some evil LKM is installed, some system call address would be changed. So by
comparing the original address and the current address, we can catch such
attacks.
It would detect those that modify kernel memory, system call functions'
memory, for example; and those attacks that don't modify system calls.
Here is the code:
/*
* Compile:
* gcc -O2 -c get_sys_c
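An added user-space model of the snapshot-and-compare check the post describes (example code written for this thread, not the poster's LKM). It keeps a toy "system call table" of function pointers, records each entry's address plus a hash of the handler's first code bytes at load time, and a later check reports every entry whose address or code no longer matches. The hash of the leading bytes is an extension of the post's idea: it also notices a handler whose body was patched in place while the table entry itself still points at the same address. Names such as toy_table, syscall_snapshot and simulate_modification are this example's own.

```c
/* Added example: user-space model of a syscall-table integrity check.
 * The table, the handlers and the snapshot type are all constructed here. */
#include <stdint.h>
#include <stdio.h>

#define TOY_NR_SYSCALLS 3
#define PROLOGUE_BYTES  16   /* leading code bytes hashed per handler */

typedef long (*syscall_fn)(long);

/* Three stand-in "system call" handlers (constructed for the example). */
static long toy_sys_read(long fd)  { return fd + 1; }
static long toy_sys_write(long fd) { return fd + 2; }
static long toy_sys_open(long fd)  { return fd + 3; }

/* The table an integrity checker would be watching. */
static syscall_fn toy_table[TOY_NR_SYSCALLS] = {
    toy_sys_read, toy_sys_write, toy_sys_open
};

/* What the checker records at load time: the "original" state. */
struct syscall_snapshot {
    uintptr_t addr[TOY_NR_SYSCALLS];
    uint64_t  code_hash[TOY_NR_SYSCALLS];
};

/* FNV-1a over the first PROLOGUE_BYTES of a handler. Reading a function's
 * own bytes is fine here because the text segment is readable. */
static uint64_t hash_prologue(syscall_fn fn) {
    const unsigned char *p = (const unsigned char *)(uintptr_t)fn;
    uint64_t h = 1469598103934665603ULL;
    for (int i = 0; i < PROLOGUE_BYTES; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Record the table as it is now (done once, when the checker loads). */
void take_snapshot(struct syscall_snapshot *snap) {
    for (int i = 0; i < TOY_NR_SYSCALLS; i++) {
        snap->addr[i]      = (uintptr_t)toy_table[i];
        snap->code_hash[i] = hash_prologue(toy_table[i]);
    }
}

/* Compare the live table against the snapshot. Returns how many entries
 * differ and sets bit i of *changed_mask for each changed entry i. */
int check_table(const struct syscall_snapshot *snap, unsigned *changed_mask) {
    int n = 0;
    *changed_mask = 0;
    for (int i = 0; i < TOY_NR_SYSCALLS; i++) {
        int moved   = (uintptr_t)toy_table[i] != snap->addr[i];
        int patched = hash_prologue(toy_table[i]) != snap->code_hash[i];
        if (moved || patched) {
            *changed_mask |= 1u << i;
            n++;
        }
    }
    return n;
}

/* Test aid: a decoy handler and a helper that swaps it into the table, so
 * the check can be exercised against a changed entry. */
static long decoy_handler(long x) { return -x; }
void simulate_modification(int nr) { toy_table[nr] = decoy_handler; }

int main(void) {
    struct syscall_snapshot snap;
    unsigned mask;
    take_snapshot(&snap);
    printf("clean table: %d changed entries\n", check_table(&snap, &mask));
    simulate_modification(1);
    printf("after change: %d changed, mask 0x%x\n", check_table(&snap, &mask), mask);
    return 0;
}
```

Running it prints zero changed entries for the untouched table, then one changed entry (mask 0x2, i.e. entry 1) once the second slot is redirected. In a real LKM the snapshot would be taken at module load and check_table run from a timer or on demand; the weak spot, as with the post's approach, is that the snapshot must be taken before any modification happens.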