key.txt

linux/kd.h文件中介绍了ioctl函数能够使用的命令

 
ScannerX: How Secure Is Your Network? Get free security assessment!


Console IOCTLs Under Linux
by Shok (Matt Conover) - w00w00

Console IOCTLs can be very useful and powerful. These are the IOCTls that involve the console. They are the user interface to manipulation of the console. I am going to go over these console IOCTLs and give you examples of them. You can make some pretty powerful programs, whether they be general utilities or security programs, with these (such as Auto Console Switching and Console Access Protection). The structure of this article will be the name of the IOCTL, and then example source code to uses of the IOCTL. Now, I must warn you that the console IOCTLs are being replaced by POSIX functions. These IOCTLs are undocumented Linux internals and can be added or dropped without warning. I did not include all the console IOCTLs, but I included the ones that I though would be important or useful. The switch statement for each of these IOCTLs is in linux/drivers/char/vt.c. Other interesting code to look at would be (all in linux/drivers/char) conmakehash.c, console.c, consolemap.c, keyboard.c, tty_io.c, vc_screen.c, vga.c. Other interesting files (also in linux/drivers/char) are console_struct.h, consolemap.h, kbd_kern.h, vt_kern.h, and uni_hash.tbl. We are going to be using the IOCTLs defined in /usr/include/linux/kd.h, and /usr/include/linux/vt.h. 

The function prototype for ioctl() as defined in /usr/include/sys/ioctl.h is: 
int ioctl(int fd, int request, ...) 

Technically the ioctl function prototype uses 'int d' but I think 'int fd' is a lot clearer. 

'fd' is the file descriptor of the console (/dev/tty), 'request' is the IOCTL we are requesting (such as KDGETLED), and '...' is argp, the arguments we are passing to ioctl(). When getting values from ioctl() we use a pointer and when the function returns, the value will be stored in our argument. ioctl() is specified in /usr/include/sys/ioctl.h 

We will now briefly describe the IOCTLs, the arguments it uses, and an example on how to use it where applicable. 

KDGETLED: 

This will return the current state of the LEDs. These lights on your keyboard that are on or off when something such as Caps Lock is on. Although you can turn the LEDs on or off with KDSETLED (described next) without affecting the Caps Lock, Numeric Lock, or Scroll Lock. 

It places one of the following values (or a combination of them) into a pointer, that points to a long int: 

Defined in: /usr/include/linux/kd.h 
0x1 - LED_SCR, set when the Scroll Lock LED is on 
0x2 - LED_NUM, set when the Numeric Lock LED is on 
0x4 - LED_CAP, set when the Caps Lock LED is on 

As I previously mentioned, it can return combinations (or the sum) of the LEDs turned on. For example, if the Numeric Lock and Caps Lock are both on, it will return 0x6 (0x2 + 0x4). So when no lights are on, it will return 0x0. This is also how you turn all the LEDs off as described next in KDSETLED. 

Example txt here. 

KDSETLED: 

I will not go over the values that can be passed again (LED_CAP, LED_NUM, LED_SCR, etc.) again because I described them for KDGETLED. The argument to ioctl() is a long int (I don't see why this is a long int considering it uses a value no higher than 7) with the number of the LED you want to set. If you want to set more than one LED, add the LED #'s you want set together (such as LED_NUM + LED_CAP). This DOES NOT turn, for example, Caps Lock on. This just turns the LED on the keyboard. To actually turn Caps Lock on use KDSKBLED. 

Example txt here. 

KDGKBLED: 

This is exactly the same as KDGETLED, except rather than getting the state of the LEDs, it gets the state of the flags themselves. Meaning, whether the LED is on or off doesn't matter, this returns the actual flags (if Caps Lock is on.. even if we turned off the LED with ioctl() and a KDSETLED request. The example in KDGETLED will work exactly the same except that this is getting the flags, rather than the states of the LEDs. 

KDSKBLED: 

This is exactly the same as KDSETLED except it sets the flags rather than the states of the LEDs. In other words, we can turn the Caps Lock LED off and use this which will turn Caps Lock on. Now everything will be in uppercase even though the LED light for Caps Lock isn't on. 

Example txt here. 

KDGKBTYPE: 

This will always return KB_101 (0x02), which is the standard keyboard. So I am not even going to explain this. Two other values defined are KB_84 (0x01) and KB_OTHER (0x03). 

Defined in: /usr/include/linux/kd.h 
0x1 - KB_84 
0x2 - KB_101 (Standard/Default) 
0x3 - KB_OTHER 

KDGETMODE: 

This returns the current console mode into the argument passed to ioctl() that is a pointer to a long int. The console is by default in text mode. The two modes you have are graphics and text mode. 

Defined in: /usr/include/linux/kd.h 
0x00 - KD_TEXT - Text Mode (Default) 
0x01 - KD_GRAPHICS - Graphics Mode 

There had been KD_TEXT0 and KD_TEXT1 but they are obsolete now. 

Example txt here. 

KDSETMODE: 

This takes a long int that is either set to I assume that SVGAlib uses this IOCTL (even if another function calls it). The modes and definitions are specified above. 

Example: 
***** TEST IN GRAPHICS MODE ***** 
***** TEST IN GRAPHICS MODE ***** 
***** TEST IN GRAPHICS MODE ***** 
(test with code above) 

KDMKTONE: 

This will generate a tone, and the amount of clock cycles are passed as the argument to ioctl(). Note this is different from KIOCSOUND which is the sound generation. 

Example txt here. 

KIOCSOUND: 

This and KDMKTONE both make sounds but they are in fact different. This has tones from 0-30000 (the sounds are 1193180/frequency), whereas KDMKTONE has higher values such as, the default beep you hear when you get Ctrl-G (the value is 125<<16 + 0x637), is 8,193,591 clock cycles. 

Example txt here. 

GIO_FONT and GIO_FONTX: 

These are both very similar except GIO_FONTX returns more. GIO_FONTX returns a struct consolefontdesc, and GIO_FONT only returns the font data in expanded form (which is the same as consolefontdesc's chardata). The structure for consolefontdesc is: 

struct consolefontdesc { 
unsigned short charcount; /* characters in font (256 or 512) */ 
unsigned short charheight; /* scan lines per character (1-32) */ 
char *chardata; /* font data in expanded form (8192 bytes) */ 
} 

Example txt here. 

PIO_FONTRESET: 

This resets the font to the default font. You would use this if you were playing with fonts (with PIO_FONT) and messed it up, you could then reset it with this. This is no longer implemented, and I just wrote something for this for historical purposes. 

Example txt here. 

KDGKBMODE: 

This will get the current keyboard mode (raw mode, unicode, half raw, etc.). The argument passed to ioctl() is a pointer to a long int. 

Possible modes are: raw, medium raw, Unicode, and xlate. 

Defined in: /usr/include/linux/kd.h 
0x00 - K_RAW 
0x01 - K_XLATE (the default keyboard mode) 
0x02 - K_MEDIUMRAW 
0x03 - K_UNICODE 

Example txt here. 

KDSKBMODE: 

This will get the current keyboard mode (raw mode, unicode, half raw, etc.). The argument passed to ioctl() is a long int. I stated the possible values in KDGKBMODE. 

Example txt here. 

KDGKBMETA: 

This will get the meta key handling mode. The default meta key handling mode is the escape prefix. 

Defined in: /usr/include/linux/kd.h 
0x00 There is no meta key handling mode set. 
0x03 K_METABIT (which is setting the high order bit) 
0x04 K_ESCPREFIX (escape prefix) 

I believe that 0x01 is also escape prefix, but I'm not sure. I get 0x01 returned from KDGKBMETA but it is not defined in /usr/include/linux/kd.h, and 0x01 is not returned in the switch statement linux/drivers/char/vt.c. 

Example txt here. 

KDSKBMETA: 

This will set the meta key handling mode. The modes are the same as the ones mentioned right before this in KDGKBMETA. 

Example txt here. 

KDGKBENT: 

Gets an entry from the key translation table. It converts the keycode to an action code). You pass a struct kbentry. 

Defined in: /usr/include/linux/kd.h 
struct kbentry { 
u_char kb_table; /* Table number where the key map is. */ 
u_char kb_index; /* An index into the key map. */ 
u_short kb_value; /* Value returned in here. */ 
} 

It uses key_maps[] defined in linux/drivers/char/defkeymap.c, which is are pointers to other keymaps (such as plain_map[], shift_map[], etc.) All the keycodes are u_short. 

All the keys are greater than or equal to 0. 
Here are the maximum values (defined in linux/drivers/char/defkeymap.c): 
kb_index <= NR_KEYS (NR_KEYS == 128) 
kb_table <= MAX_NR_KEYMAPS (MAX_NR_KEYMAPS == 256) 

Example txt here. 

KDSKBENT: 

Sets an entry in the key translation table. You pass a struct kbentry. See the KDGKBENT above for the structure (defined in /usr/include/linux/kd.h). 

I am not going to include one for this.. it would have bad results. You set the kb_table to a value as an index to the keymap, kb_index as an index into the keymap, and kb_value as the value you want to set it to. You do not pass this as a pointer (i.e. not as &kbent as seen above. 

KDGKBDIACR: 

This will print all the accented symbols (or characters). The argument passed to ioctl() is a pointer to a struct kbdiacrs. 

Defined in: /usr/include/linux/kd.h 
struct kbdiacrs { 
unsigned int kb_cnt; 
struct kbdiacr[256]; 
}; 

The structure kbdiacr is where the actual symbols and values are in (also defined in /usr/include/linux/kd.h: 

struct kbdiacr { 
u_char diacr; 
u_char base; 
u_char result; 
} 

Example txt here. 

KDGETKEYCODE: 

This one should be fairly obvious. It reads the keys from the kernel keycode entry. This converts the scan code to keycode. The argument to ioctl() is a struct kbkeycode.