getsyscall.c

一个驱动程序开发 一个系统调用 内附文档 非常详细

#ifndef __KERNEL__
#define __KERNEL__

#endif
#ifndef MODULE
#define MODULE
#endif

#include <linux/kernel.h>
#include <linux/module.h>

#define CALLOFF 100


unsigned symname; 
unsigned sys_call_table;

struct {
	unsigned short limit;
	unsigned int base;
} __attribute__ ((packed)) idtr;// 中断描述符表寄存器结构


struct {
	unsigned short off1;
	unsigned short sel;
	unsigned char none,flags;
	unsigned short off2;
} __attribute__ ((packed)) * idt;// 中断描述符表结构


void set_symbol_addr(unsigned old_value, unsigned new_value)
{
	struct module *mod;
	struct kernel_symbol *s;
	int i;

	for (mod = THIS_MODULE, s = mod->syms, i = 0; i < mod->num_syms; ++i, ++s)
		if (s->value == old_value) {
			s->value = new_value;
			return;
		}
}

// 从0x80中断服务例程中搜索sys_call_table的地址
char *findoffset(char *start)
{
	char *p;

	for (p = start; p < start + CALLOFF; p++)
	if (*(p + 0) == '\xff' && *(p + 1) == '\x14' && *(p + 2) == '\x85')
	return p;

	return NULL;
}

static int  getsyscall_init(void)
{
	unsigned sys_call_off;

	char *p;
	// 获取中断描述符表寄存器的地址
	asm("sidt %0":"=m"(idtr));

	// 获取0x80中断处理程序的地址
	idt = (void *) (idtr.base + 8 * 0x80);
	sys_call_off = (idt->off2 << 16) | idt->off1;

	if ((p = findoffset((char *) sys_call_off))) {
	sys_call_table = *(unsigned *) (p + 3);
	printk("addr of sys_call_table: %x\n", sys_call_table);
	set_symbol_addr((unsigned) &symname, sys_call_table);
	}

	return 0;
}

static void getsyscall_exit(void)
{}

module_init(getsyscall_init);
module_exit(getsyscall_exit);
EXPORT_SYMBOL(sys_call_table);