Skip to content
/ linux-kernel-hook Public
forked from jha/linux-kernel-hook

A small kernel module that can hook arbitrary syscalls on x86_64

License

MIT license
0 stars 19 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

konstantin89/linux-kernel-hook

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
doc
doc
 
 
scripts
scripts
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
Readme.md
Readme.md
 
 

Repository files navigation

Linux Kernel Hook

This is just a small project to hook syscalls in an x86_64 Linux kernel.

Most of the other kernel hooks I've seen on the public internet use an outdated mechanism to grab the syscall table - the oldest tutorials relied on sys_call_table being exported as a public symbol, and slightly newer ones had a brute-forcing approach where they would try to find the syscall table in between two different symbols. This one doesn't do anything that fancy - the load.sh script just greps /proc/kallsyms for the syscall table addresses.

Usage

make
sudo ./scripts/load.sh

About

A small kernel module that can hook arbitrary syscalls on x86_64

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 86.5%
  • Shell 8.5%
  • Makefile 3.7%
  • C++ 1.3%