#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include "hookIDT.h"
/*
** ~ Module information:
*/
MODULE_LICENSE("Dual BSD/GPL");
MODULE_AUTHOR("[ EpiTek4 ] Strasbourg");
/*
** ~ Global state:
*/
/* Base address of the IDT, filled in from get_idt_addr() in hookIDT_init(). */
unsigned long ptr_idt_table;
/* Not referenced anywhere else in this file. */
unsigned long pdt_gdt_table;
/*
** Handler address reconstructed from the gate before epiHook() overwrote it;
** read back by epiHook1() and by my_handler().
*/
unsigned long old_interrupt;
/*
** Module entry point.
**
** Records the IDT base in ptr_idt_table, then has epiHook() redirect gate
** INT_0 to my_handler(). INT_0 is not defined in this file (presumably it
** comes from hookIDT.h). The return value of epiHook() is not inspected.
**
** Both steps are logged at KERN_ALERT, so loading the module leaves two
** lines in the kernel log.
**
** Returns 0 unconditionally.
*/
static int hookIDT_init(void)
{
	printk(KERN_ALERT "[MSG] deadlands h00k IDT - module init\n");

	/* The base must be known before any gate can be read or written. */
	ptr_idt_table = get_idt_addr();
	epiHook(INT_0, &my_handler);

	printk(KERN_ALERT "[MSG] deadlands h00k SYS - interrupt powned!\n");
	return 0;
}
/*
** Module exit point.
**
** Calls epiHook1() to write the saved handler address (old_interrupt) back
** into gate INT_0, logging before and after at KERN_ALERT.
*/
static void hookIDT_exit(void)
{
	printk(KERN_ALERT "[MSG] deadlands h00k IDT - module exit\n");

	epiHook1(INT_0);

	printk(KERN_ALERT "[MSG] deadlands h00k IDT - interrupt restored!\n");
}
/*
** ~ Functions:
*/
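/*
** Return the base address of the IDT used by the CPU executing this code.
**
** SIDT stores the IDTR pseudo-descriptor: a 16-bit limit followed by the
** table base. The base is pointer-sized (4 bytes on 32-bit x86, 8 bytes in
** 64-bit mode), so the destination must be 6 or 10 bytes. A fixed 6-byte
** buffer is overrun by the 10-byte store in 64-bit mode; the packed struct
** below is sized from the pointer width instead, and reading the base
** through a named member avoids a misaligned, type-punned load.
**
** The value is per-CPU state: it describes only the processor that ran the
** instruction.
*/
unsigned long get_idt_addr(void)
{
	struct {
		unsigned short limit;	/* size of the table in bytes, minus one */
		unsigned long base;	/* linear address of the first gate */
	} __attribute__((packed)) idtr;

	__asm__ volatile ("sidt %0" : "=m" (idtr));

	return idtr.base;
}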
/*
** Redirect IDT gate nINT to new_interrupt.
**
** The current handler address is first reconstructed by
** get_interrupt_from_idt() and kept in the global old_interrupt. Then bits
** 16..31 and bits 0..15 of the new address are stored into the gate's
** offset_hi and offset_lo fields. Only those 32 bits are written; whatever
** else struct s_descriptorIDT holds is left as it was.
**
** nINT is used as an array index without any range check.
**
** NOTE(review): the two 16-bit fields are written by separate stores, so
** the gate briefly holds a mixed address.
** NOTE(review): presumably faults on kernels that map the IDT read-only.
**
** Detection: after this runs, the gate's handler address no longer points
** at the handler the kernel installed, which an IDT integrity check that
** validates each gate's target can observe.
**
** Returns 0 unconditionally.
*/
int epiHook(int nINT, void *new_interrupt)
{
	struct s_descriptorIDT *gates = (struct s_descriptorIDT *)ptr_idt_table;
	unsigned long target = (unsigned long)new_interrupt;

	/* Save the previous handler before the gate is modified. */
	old_interrupt = (unsigned long)get_interrupt_from_idt(nINT);

	gates[nINT].offset_hi = (unsigned short)(target >> 16);
	gates[nINT].offset_lo = (unsigned short)(target & 0x0000FFFF);

	return 0;
}
/*
** Write the saved handler address back into IDT gate nINT.
**
** Stores bits 16..31 and bits 0..15 of the global old_interrupt into the
** gate's offset_hi and offset_lo fields. old_interrupt is whatever the last
** epiHook() call saved; nothing here checks that it was ever set or that it
** belongs to gate nINT. nINT is used as an array index without a range
** check.
**
** Returns 0 unconditionally.
*/
int epiHook1(int nINT)
{
	struct s_descriptorIDT *gates = (struct s_descriptorIDT *)ptr_idt_table;
	unsigned long saved = old_interrupt;

	gates[nINT].offset_hi = (unsigned short)(saved >> 16);
	gates[nINT].offset_lo = (unsigned short)(saved & 0x0000FFFF);

	return 0;
}
/*
** Reconstruct the handler address stored in IDT gate nINT.
**
** The result is offset_hi shifted left by 16, plus offset_lo, plus the
** constant 0xFFFFFFFF00000000. The upper 32 bits are therefore never read
** from the descriptor: every handler is assumed to live in the top 4 GiB of
** the address space.
**
** NOTE(review): the layout of struct s_descriptorIDT is not visible here;
** the 16-bit width of the two offset fields is inferred from the casts in
** epiHook() - confirm against hookIDT.h.
**
** nINT is used as an array index without a range check.
*/
void *get_interrupt_from_idt(int nINT)
{
	struct s_descriptorIDT *gate = &((struct s_descriptorIDT *)ptr_idt_table)[nINT];
	unsigned long upper = (unsigned long)0xFFFFFFFF00000000;
	unsigned long middle = ((unsigned long)gate->offset_hi) << 16;
	unsigned long lower = (unsigned long)(gate->offset_lo);

	return (void *)(upper + middle + lower);
}
/*
** Replacement handler installed by epiHook().
**
** Logs one KERN_ALERT line, then calls the address saved in old_interrupt
** with the same (regs, err_code) arguments. old_interrupt is used as read;
** there is no check that it holds a valid address.
**
** Detection: every invocation writes the "INTERCEPT IDT" line to the kernel
** log, which makes the hook visible to anyone reading that log.
*/
asmlinkage void my_handler(struct pt_regs * regs, long err_code)
{
	void (*saved_handler)(struct pt_regs *, long) = (void *)old_interrupt;

	printk(KERN_ALERT "[MSG] deadlands h00k IDT - INTERCEPT IDT^^\n");

	/* Chain to the handler that was in the gate before the hook. */
	saved_handler(regs, err_code);
}
/* Register the load and unload callbacks: the hook is installed on insmod and undone on rmmod. */
module_init(hookIDT_init);
module_exit(hookIDT_exit);