当前位置：文江博客话题详情

我们可以修改 int 0x80 例程吗？

发布于 2024-07-13 20:13:46 字数 96 浏览 15 评论 0原文

Linux 2.6 与 2.4 有何不同？
我们可以修改源内核吗？
我们可以修改int 0x80服务例程吗？

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

对岸观火 2024-07-20 20:13:46

更新：
1. 0x80 处理程序在 2.4 和 2.6 之间本质上是相同的，尽管从处理程序调用的函数是由 2.6 中 x86-64 的“syscall”指令处理程序调用的。
2. 0x80 处理程序可以像内核的其余部分一样进行修改。
3. 修改它不会破坏任何东西，除非你删除向后兼容性。例如，如果您愿意，您可以添加自己的痕迹或后门。另一篇文章说，如果修改处理程序，您将破坏库和工具链，这是不正确的。如果你破坏了调度算法，或者错误地修改了调度表，那么你就会破坏事情。
3a. 正如我最初发布的那样，扩展 0x80 服务的最佳方法是扩展系统调用处理程序。

正如内核源代码所说：

What:           The kernel syscall interface
Description:
        This interface matches much of the POSIX interface and is based
        on it and other Unix based interfaces.  It will only be added to
        over time, and not have things removed from it.

    Note that this interface is different for every architecture
    that Linux supports.  Please see the architecture-specific
    documentation for details on the syscall numbers that are to be
    mapped to each syscall.



The system call table entries for i386 are in:

arch/i386/kernel/syscall_table.S
Note that the table is a sequence of pointers, so if you want to maintain a degree of forward compatibility with the kernel maintainers, you'd need to pad the table before placement of your pointer.
The syscall vector number is defined in irq_vectors.h

Then traps.c sets the address of the system_call function via set_system_gate, which places the entry into the interrupt descriptor table.  The system_call function itself is in entry.S, and calls the requested pointer from the system call table.



There are a few housekeeping details, which you can see reading the code, but direct modification of the 0x80 interrupt handler is accomplished in entry.S inside the system_call function.  In a more sane fashion, you can modify the system call table, inserting your own function without modifying the dispatch mechanism.
In fact, having read the 2.6 source, it says directly that int 0x80 and x86-64 syscall use the same code, so far.  So you can make portable changes for x86-32 and x86-64.

END Update
The INT 0x80 method invokes the system call table handler.  This matches register arguments to a call table, invoking kernel functions based on the contents of the EAX register.  You can easily extend the system call table to add custom kernel API functions.
This may even work with the new syscall code on x86-64, as it uses the system call table, too.
If you alter the current system call table in any manner other than to extend it, you will break all dependent libraries and code, including libc, init, etc.
Here's the current Linux system call table: http://asm.sourceforge.net/syscall.html

UPDATE:
1. the 0x80 handler is essentially the same between 2.4 and 2.6, although the function called from the handler is called by the 'syscall' instruction handler for x86-64 in 2.6.
2. the 0x80 handler can be modified like the rest of the kernel.
3. You won't break anything by modifying it, unless you remove backwards compatibility. E.g., you can add your own trace or backdoor if you feel so inclined. The other post that says you will break your libs and toolchain if you modify the handler is incorrect. If you break the dispatch algorithm, or modify the dispatch table incorrectly, then you will break things.
3a. As I originally posted, the best way to extend the 0x80 service is to extend the system call handler.

As the kernel source says:

What:           The kernel syscall interface
Description:
        This interface matches much of the POSIX interface and is based
        on it and other Unix based interfaces.  It will only be added to
        over time, and not have things removed from it.

    Note that this interface is different for every architecture
    that Linux supports.  Please see the architecture-specific
    documentation for details on the syscall numbers that are to be
    mapped to each syscall.


The system call table entries for i386 are in:

arch/i386/kernel/syscall_table.S
Note that the table is a sequence of pointers, so if you want to maintain a degree of forward compatibility with the kernel maintainers, you'd need to pad the table before placement of your pointer.
The syscall vector number is defined in irq_vectors.h

Then traps.c sets the address of the system_call function via set_system_gate, which places the entry into the interrupt descriptor table.  The system_call function itself is in entry.S, and calls the requested pointer from the system call table.



There are a few housekeeping details, which you can see reading the code, but direct modification of the 0x80 interrupt handler is accomplished in entry.S inside the system_call function.  In a more sane fashion, you can modify the system call table, inserting your own function without modifying the dispatch mechanism.
In fact, having read the 2.6 source, it says directly that int 0x80 and x86-64 syscall use the same code, so far.  So you can make portable changes for x86-32 and x86-64.

END Update
The INT 0x80 method invokes the system call table handler.  This matches register arguments to a call table, invoking kernel functions based on the contents of the EAX register.  You can easily extend the system call table to add custom kernel API functions.
This may even work with the new syscall code on x86-64, as it uses the system call table, too.
If you alter the current system call table in any manner other than to extend it, you will break all dependent libraries and code, including libc, init, etc.
Here's the current Linux system call table: http://asm.sourceforge.net/syscall.html

回复收藏 0 原文

余罪 2024-07-20 20:13:46

这是一次架构上的大修。一切都在内部发生了变化。 SMP 支持已经完成，进程调度程序得到了极大的改进，内存管理得到了彻底的改进，还有很多很多其他的事情。
是的。它是开源软件。如果您没有源代码的副本，可以从供应商或 kernel.org 获取。
是的，但不建议这样做，因为它会破坏libc，它会破坏你的基本布局，并且如果你改变顺序它会破坏你的工具链现有的系统调用，并且几乎所有您可能认为您想做的事情都应该尽可能在用户空间中完成。