1. 首頁
  2. 問答
  3. linux內核中斷劫持

linux內核中斷劫持

2011-11-23 56 views
0

所以我最後的內核作業是通過用我自己的劫持例程的地址替換IDT中的中斷處理程序的地址來劫持中斷。我的模塊正常工作;然而,無論何時在我的劫持例程中有打印語句,我都會收到內核oops或恐慌。所以我想我想知道是否有人對此有解釋,或者是否有方法進行調試。我正在運行的內核3.0.4,這裏是一些錯誤信息,我得到linux內核中斷劫持

[ 2479.355359] general protection fault: 0000 [#2] SMP 
[ 2479.356972] Modules linked in: get_idt(P) cryptd aes_i586 aes_generic binfmt_misc pci_stub vboxpci vboxnetadp vboxnetflt vboxdrv nouveau ttm drm_kms_helper drm i2c_algo_bit mxm_wmi parport_pc ppdev snd_hda_codec_analog joydev pcmcia snd_hda_intel snd_hda_codec snd_hwdep snd_pcm arc4 snd_seq_midi yenta_socket pcmcia_rsrc pcmcia_core snd_rawmidi r852 sm_common nand nand_ids nand_ecc video ath5k ath snd_seq_midi_event mac80211 snd_seq snd_timer cfg80211 btusb snd_seq_device bluetooth psmouse thinkpad_acpi tpm_tis serio_raw sdhci_pci firewire_ohci sdhci mtd firewire_core crc_itu_t tpm tpm_bios nvram snd e1000e lp parport soundcore snd_page_alloc [last unloaded: get_idt] 
[ 2479.358225] 
[ 2479.358225] Pid: 2872, comm: float Tainted: P  D  3.0.0 #46 LENOVO 64574JU/64574JU 
[ 2479.358225] EIP: 0060:[<c1049244>] EFLAGS: 00210046 CPU: 0 
[ 2479.358225] EIP is at vprintk+0x64/0x4a0 
[ 2479.358225] EAX: ffffffff EBX: 00000000 ECX: 00000000 EDX: 00000000 
[ 2479.358225] ESI: f0143fd8 EDI: 00000000 EBP: f0143fbc ESP: f0143f44 
[ 2479.358225] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 
[ 2479.358225] Process float (pid: 2872, ti=f0142000 task=f08df230 task.ti=f0142000) 
[ 2479.358225] Stack: 
[ 2479.358225] f08df230 f0398ab8 f0398a80 00000004 00200046 b7651c10 c10ff884 f84bd024 
[ 2479.358225] f0398a80 f0143f98 c1100889 ffffffef 00000004 ef85e7f4 f0398a84 ef85e9a0 
[ 2479.358225] b7799000 ef85e7e8 f0398a80 f0398ab8 b7788000 f0143fac c1101c9b b7783ff4 
[ 2479.358225] Call Trace: 
[ 2479.358225] [<c10ff884>] ? remove_vma+0x44/0x60 
[ 2479.358225] [<c1100889>] ? do_munmap+0x1f9/0x270 
[ 2479.358225] [<c1101c9b>] ? sys_munmap+0x4b/0x60 
[ 2479.358225] [<c1516760>] ? spurious_fault+0xd0/0xd0 
[ 2479.358225] [<c1510af6>] printk+0x30/0x32 
[ 2479.358225] [<f84bc028>] take_over+0x28/0x30 [get_idt] 
[ 2479.358225] [<f84bc03e>] hijack+0x6/0x18 [get_idt] 
[ 2479.358225] Code: 78 c1 00 0f 84 29 03 00 00 8b 1d ac 94 78 c1 85 db 0f 85 a6 03 00 00 9c 58 8d 74 26 00 89 45 98 fa 90 8d 74 26 00 a1 f4 6d 73 c1 
[ 2479.358225] 8b 15 c0 30 83 c1 89 55 9c 39 c2 0f 84 9f 03 00 00 b8 a0 d6 
[ 2479.358225] EIP: [<c1049244>] vprintk+0x64/0x4a0 SS:ESP 0068:f0143f44 
[ 2479.358225] ---[ end trace bae1cb37e149735b ]---

,這裏是我的劫持例程,它給我一個錯誤:

asmlinkage void take_over(void) { 
    printk("Divide by 0 has been hijacked\n"); 
}

我做了一個不同的程序來操縱一個正常工作的整數,但我希望例程包含一個打印語句。

來源

2011-11-23 mike

回答

0

printk調用應該以KERN_*爲前綴常量。所以,請嘗試:

printk(KERN_INFO "Divide by 0 has been hijacked\n");

是的,這就是分辯:還有的KERN_INFO和字符串之間沒有逗號。

來源

2011-11-27 22:43:30 Mircea

0

難道這些特定的按鍵筆劃需要特定的處理,並且通過返回IRQ_HANDLED內核不會調用其他共享處理程序?你有沒有試過返回IRQ_NONE

來源

2011-11-28 00:11:12

相關問題

 相關問題