資源簡介
本代碼已經通過實際測試,代碼運行良好,無bug。在Linux內核中增加一個系統調用,并編寫對應的linux應用程序。利用該系統調用能夠遍歷系統當前所有進程的任務描述符,并按進程父子關系將這些描述符所對應的進程id(PID)組織成樹形結構顯示。
代碼片段和文件信息
#include???
#include???
#include???
#include???
#include???
#include??
#define?my_syscall_num?223??//系統調用號(沒有被系統占用)
#define?sys_call_table_address?0xc06224e0??//sys_call_table首地址通過grep?sys_call_table?/boot/System.map-‘uname?-r‘獲取
unsigned?long?*sys_call_table?=?0;?
int?orig_cr0;???
static?int?(*anything_saved)(void);?
static?int?counter?=?0;?
typedef?struct?process??
{??
????int?pid;??
????int?depth;??
}process;????
process?a[512];
/* 控制寄存器cr0的第16位是寫保護位。
若清零了則允許超級權限往內核中寫入數據
然后寫完后,又將那一位復原就行了。*/
unsigned?int?clear_and_return_cr0(void)??
{??
????unsigned?int?cr0?=?0;??
????unsigned?int?ret;??
????asm(“movl?%%cr0?%%eax“:“=a“(cr0));//讀取cr0寄存器的值放入eax中,同時賦值給cr0??
????ret?=?cr0;??
????cr0?&=?0xfffeffff;??
????asm(“movl?%%eax?%%cr0“::“a“(cr0));??
????return?ret;??
}??
??
void?setback_cr0(unsigned?int?val)?
{??
????asm?volatile(“movl?%%eax?%%cr0“::“a“(val));?//讀取val的值到eax寄存器,再將eax寄存器的值放入cr0中??
}??
void?processtree(struct?task_struct?*?pint?b)??
{??
????struct?list_head?*?l;??
????a[counter].pid?=?p?->?pid;??
????a[counter].depth?=?b;??
????counter?++;??
????for(l?=?p?->?children.next;?l?!=?&(p->children);?l?=?l->next)??
????{??
????????struct?task_struct?*t?=?list_entry(lstruct?task_structsibling);??
????????processtree(tb+1);??
????}??
}??
asmlinkage?long?sys_mycall(char?__user?*?buf)??
{??
????int?b?=?0;??
????struct?task_struct?*?p;??
????printk(“**********sys_mycall************\n“);??
??
????for(p?=?current;?p?!=?&init_task;?p?=?p->parent?);//通過當前current進行向上查找直到p指向根進程init_task。??
????processtree(pb);??
??????????
????if(copy_to_user((struct?process?*)bufa512*sizeof(struct?process)))??
????????return?-EFAULT;??
????else??
????????return?sizeof(a);??
}??
??
static?int?__init?init_addsyscall(void)??
{??
????printk(“***********init_addsyscall*************\n“);??
????sys_call_table?=?(unsigned?long?*)sys_call_table_address;//獲取sys_call_table的首地址?
????printk(“*********sys_call_table:?0x%p\n“?sys_call_table);??//
????anything_saved?=?(int(*)(void))?(sys_call_table[my_syscall_num]);//保存原始系統調用的地址??
????orig_cr0?=?clear_and_return_cr0();//修改sys_call_table寫屬性
????sys_call_table[my_syscall_num]=?(unsigned?long)&sys_mycall;//將223號指向自己寫的調用函數?
????setback_cr0(orig_cr0);//恢復頁表只讀屬性?
????return?0;??
}??
static?void?__exit?exit_addsyscall(void)??
{??
????//設置cr0中對sys_call_table的更改權限。??
????orig_cr0?=?clear_and_return_cr0();//設置cr0可更改??
????//恢復原有的中斷向量表中的函數指針的值。??
????sys_call_table[my_syscall_num]=?(unsigned?long)anything_saved;??
????//恢復原有的cr0的值??
????setback_cr0(orig_cr0);??
????printk(“**************call?exit_addsyscall?exit********************?\n“);??
}??
module_init(init_addsyscall);??
module_exit(exit_addsyscall);??
MODULE_LICENSE(“GPL“);?
?屬性????????????大小?????日期????時間???名稱
-----------?---------??----------?-----??----
????..A..H.???????278??2016-12-31?23:10??ProgressTreePrint\.ProgressTreePrintKernel.ko.cmd
????..A..H.?????13700??2016-12-31?23:10??ProgressTreePrint\.ProgressTreePrintKernel.mod.o.cmd
????..A..H.?????13787??2016-12-31?23:10??ProgressTreePrint\.ProgressTreePrintKernel.o.cmd
?????文件????????117??2017-01-01?14:40??ProgressTreePrint\.tmp_versions\ProgressTreePrintKernel.mod
?????文件????????394??2016-12-31?19:46??ProgressTreePrint\Makefile
?????文件????????414??2016-12-31?19:45??ProgressTreePrint\Makefile~
?????文件??????????0??2016-12-31?19:48??ProgressTreePrint\Module.markers
?????文件??????????0??2016-12-31?19:48??ProgressTreePrint\Module.symvers
?????文件???????3114??2016-12-31?19:52??ProgressTreePrint\ProgressTreePrintKernel.c
?????文件???????3113??2016-12-31?19:47??ProgressTreePrint\ProgressTreePrintKernel.c~
?????文件??????79011??2016-12-31?23:10??ProgressTreePrint\ProgressTreePrintKernel.ko
?????文件????????722??2016-12-31?23:10??ProgressTreePrint\ProgressTreePrintKernel.mod.c
?????文件??????42852??2016-12-31?23:10??ProgressTreePrint\ProgressTreePrintKernel.mod.o
?????文件??????37396??2016-12-31?23:10??ProgressTreePrint\ProgressTreePrintKernel.o
?????文件???????4992??2017-01-01?14:40??ProgressTreePrint\ProgressTreePrintUser
?????文件????????545??2016-12-31?19:05??ProgressTreePrint\ProgressTreePrintUser.c
????...D.H.?????????0??2017-02-15?11:44??ProgressTreePrint\.tmp_versions
?????目錄??????????0??2017-02-15?11:44??ProgressTreePrint
-----------?---------??----------?-----??----
???????????????200435????????????????????18
- 上一篇:百度收錄批量提交工具
- 下一篇:labview濾波器設計
評論
共有 條評論
川公網安備 51152502000135號