ForkInterception.c

#include<linux/kernel.h>
#include<linux/module.h>
#include<linux/unistd.h>
#include<linux/semaphore.h>
#include<asm/cacheflush.h>
#include<asm/tlbflush.h>
MODULE_LICENSE("GPL");
void **sys_call_table;
struct page *pg;
asmlinkage int (*original_call)(struct pt_regs);
asmlinkage int our_call(struct pt_regs regs)
{
  printk(KERN_ALERT "Intercepted sys_fork");
	return original_call(regs);
}
static void disable_page_prot(void)
{
	unsigned long value;
	asm volatile ("mov %%cr0,%0" : "=r" (value));
	if(!(value&0x00010000))
		return;
	asm volatile ("mov %0,%%cr0": :"r" (value & ~0x00010000));
}
static void enable_page_prot(void)
{
	unsigned long value;
	asm volatile("mov %%cr0,%0" : "=r" (value));
	if(value&0x00010000)
		return;
	asm volatile("mov %0,%%cr0": :"r" (value |0x00010000));
}
static int __init p_entry(void)
{
	printk(KERN_ALERT "Module Intercept inserted");
	sys_call_table=(void *)0xc12c9e90;
	original_call=(void *)sys_call_table[__NR_fork];
	disable_page_prot();
	sys_call_table[__NR_fork]=(unsigned long *)our_call;
	enable_page_prot();
	return 0;
}
static void __exit p_exit(void)
{
	disable_page_prot();
	sys_call_table[__NR_fork]=(unsigned long *)original_call;
	enable_page_prot();
	printk(KERN_ALERT "Module Intercept removed");
}
module_init(p_entry);
module_exit(p_exit);