@GoldenOak
Last active July 2, 2022 10:12
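/*
 * Save the task's current address limit in `oldfs` and switch the limit to
 * KERNEL_DS, so that a read routine which expects a user-space pointer will
 * accept a kernel buffer.
 *
 * While the limit is KERNEL_DS the user-pointer range checks are effectively
 * disabled for this task. Keep the window as short as possible and always
 * pair this with EXIT_KERNEL_ADDR_SPACE(oldfs) on every path.
 *
 * get_fs()/set_fs() were removed from mainline kernels starting with 5.10
 * (architecture by architecture), so this macro only builds on older trees.
 *
 * Written as do { } while (0) without a trailing semicolon so the macro acts
 * as a single statement, including inside an unbraced if/else.
 */
#define ENTER_KERNEL_ADDR_SPACE(oldfs) \
	do { \
		(oldfs) = get_fs(); \
		set_fs(KERNEL_DS); \
	} while (0)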
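/*
 * Restore the address limit previously saved in `oldfs` by
 * ENTER_KERNEL_ADDR_SPACE(), re-enabling the normal user-pointer checks.
 *
 * Must run on every path that follows ENTER_KERNEL_ADDR_SPACE(); leaving the
 * limit at KERNEL_DS keeps those checks off for the rest of the task's time
 * in the kernel.
 *
 * Written as do { } while (0) without a trailing semicolon so the macro acts
 * as a single statement, including inside an unbraced if/else.
 */
#define EXIT_KERNEL_ADDR_SPACE(oldfs) \
	do { \
		set_fs(oldfs); \
	} while (0)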
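/*
 * Read one byte from `filp` at its current position into the kernel buffer
 * `dst` and return the read routine's result (1 when a byte was read).
 *
 * Both the first read and the loop reads go through here so the
 * kernel-version switch lives in exactly one place.
 */
static int proc_read_byte(struct file *filp, char *dst)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,0,0)
	return kernel_read(filp, dst, 1, &(filp->f_pos));
#else
	mm_segment_t oldfs;
	int n;

	/* Address limit is widened only around the single read call. */
	ENTER_KERNEL_ADDR_SPACE(oldfs);
	n = vfs_read(filp, dst, 1, &(filp->f_pos));
	EXIT_KERNEL_ADDR_SPACE(oldfs);
	return n;
#endif
}

/*
 * Retrieve the address of the syscall table by scanning the kernel symbol
 * listing named by PROC_KSYMS (defined elsewhere in this file):
 *   kernel version >= 2.6: `/proc/kallsyms`
 *   kernel version <  2.6: `/proc/ksyms`
 *
 * The file is read one byte at a time into a fixed-size line buffer; the
 * first line containing "sys_call_table" has its leading hex field parsed.
 *
 * Returns a kmalloc'ed unsigned long that HOLDS the parsed address (the
 * caller owns it and must kfree() it), or NULL if the file cannot be opened,
 * no matching line is found, an allocation fails, or the address field does
 * not parse to a non-zero value.
 *
 * NOTE(review): resolving sys_call_table at run time is the usual precursor
 * to syscall-table hooking. The "Found Syscall table" log line and a module
 * opening the symbol listing from kernel context are both useful signals
 * when auditing what an out-of-tree module does.
 */
unsigned long * obtain_syscall_table_by_proc(void)
{
	char *file_name = PROC_KSYMS;
	int i = 0;					/* write index into the line buffer */
	struct file *proc_ksyms = NULL;			/* the opened symbol listing */
	char *sct_addr_str = NULL;			/* address field copied out as a string */
	char proc_ksyms_entry[MAX_LEN_ENTRY] = {0};	/* one line of the file */
	unsigned long *res = NULL;			/* return value */
	char *proc_ksyms_entry_ptr = NULL;

	/* Allocate room for the address field as a string. */
	sct_addr_str = kmalloc(MAX_LEN_ENTRY, GFP_KERNEL);
	if (sct_addr_str == NULL)
		goto CLEAN_UP;

	/*
	 * filp_open() reports failure with an ERR_PTR value, never NULL, so a
	 * NULL comparison lets an error pointer reach the read and close calls.
	 */
	proc_ksyms = filp_open(file_name, O_RDONLY, 0);
	if (IS_ERR(proc_ksyms)) {
		proc_ksyms = NULL;
		goto CLEAN_UP;
	}

	while (proc_read_byte(proc_ksyms, &proc_ksyms_entry[i]) == 1) {
		/*
		 * A line ends at '\n' or when the buffer is full. The last slot
		 * is never written so the buffer stays NUL-terminated for
		 * strstr()/strsep() and no read lands past the array
		 * (assumes MAX_LEN_ENTRY >= 2).
		 */
		if (proc_ksyms_entry[i] == '\n' || i >= MAX_LEN_ENTRY - 2) {
			if (strstr(proc_ksyms_entry, "sys_call_table") != NULL) {
				printk(KERN_INFO "Found Syscall table\n");
				/*
				 * NOTE(review): this writes a raw kernel address
				 * to the kernel log, where any reader of dmesg
				 * can use it to undo KASLR; consider dropping it.
				 */
				printk(KERN_INFO "Line is:%s\n", proc_ksyms_entry);

				/* First space-separated field is the hex address. */
				proc_ksyms_entry_ptr = proc_ksyms_entry;
				strncpy(sct_addr_str,
					strsep(&proc_ksyms_entry_ptr, " "),
					MAX_LEN_ENTRY - 1);
				/* strncpy() does not terminate on truncation. */
				sct_addr_str[MAX_LEN_ENTRY - 1] = '\0';

				res = kmalloc(sizeof(*res), GFP_KERNEL);
				if (res == NULL)
					goto CLEAN_UP;

				/*
				 * Do not hand back an unparsed (uninitialised)
				 * or zero value: a zero address is what a
				 * restricted symbol listing (kptr_restrict)
				 * reports, and it is not a usable pointer.
				 */
				if (kstrtoul(sct_addr_str, 16, res) != 0 || *res == 0) {
					kfree(res);
					res = NULL;
				}
				goto CLEAN_UP;
			}

			/* Not the line we want: start the next one from a clean buffer. */
			i = 0;
			memset(proc_ksyms_entry, 0, MAX_LEN_ENTRY);
			continue;
		}
		i++;
	}

CLEAN_UP:
	kfree(sct_addr_str);	/* kfree(NULL) is a no-op */
	if (proc_ksyms != NULL)
		filp_close(proc_ksyms, NULL);
	return res;
}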