carloslack / KoviD

Linux kernel rootkit

could not insert module kovid.ko: Bad address #88

Closed SaigyoujiYuyuko233 closed 6 months ago

SaigyoujiYuyuko233 commented 6 months ago

Describe the bug

After make all, the kernel module failed to load with the error "could not insert module kovid.ko: Bad address".

To Reproduce

Steps to reproduce the behavior:

  1. Pull the git repo, with branch master
  2. cd KoviD
  3. make all
  4. git submodule update --init volundr
  5. make -C volundr
  6. insmod ./kovid.ko
  7. See the error

Expected behavior

kovid.ko loaded into kernel.

Screenshots image

Desktop (please complete the following information):

PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0
GNU ld (GNU Binutils for Ubuntu) 2.38
Linux test3x 5.15.0-105-generic #115-Ubuntu SMP Mon Apr 15 09:52:04 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Additional context

I tried branches such as kvv1.0 and kvdev, and they all failed during make.

Any help would be appreciated!

SaigyoujiYuyuko233 commented 6 months ago

After checking out a6f38f9b4a92dd43d78415796c034b54237049a1, it works. But after 29a32a7d9a00b06e7141fe0311926b651ff92b1b, the issue starts appearing.

carloslack commented 6 months ago

Screenshot from 2024-04-29 13-45-55

It works for me. Please show your dmesg output after running insmod

SaigyoujiYuyuko233 commented 6 months ago

> Screenshot from 2024-04-29 13-45-55
>
> It works for me. Please show your dmesg output after running insmod

Oh, I forgot to rename the PROCNAME. After doing that it works fine. Thanks!

saymyname77 commented 6 months ago

same problem...

carloslack commented 6 months ago

> same problem...

rename your Makefile PROCNAME

saymyname77 commented 6 months ago

> > same problem...
>
> rename your Makefile PROCNAME

```
COMPILER_OPTIONS := -Wall -DPROCNAME='"4396"' \
```

I have already loaded another LKM. Is it possible that this is the reason?

carloslack commented 6 months ago

Please use ASCII a-z for the name, not numbers, then try again.

saymyname77 commented 6 months ago

> Please, use ascii a-z for the name, not numbers then try again

```
COMPILER_OPTIONS := -Wall -DPROCNAME='"idle"' \
```

Still does not work.

```
make
/usr/bin/as --64 src/persist.S -statistics -fatal-warnings \
 -size-check=error -o src/persist.o
/usr/bin/as: total time in assembly: 0.007993
frag chains:
 0x561245935e50 .text                 5 frags
 0x561245935ee8 .data                 2 frags
 0x561245935f80 .bss                  2 frags
fixups: 5
1 mini local symbols created, 0 converted
/usr/bin/ld -Ttext 200000 --oformat binary -o src/persist src/persist.o
make -C /lib/modules/5.4.0-152-generic/build M=/home/xx/.rm/KoviD-master modules
make[1]: Entering directory '/usr/src/linux-headers-5.4.0-152-generic'
CC [M] /home/xx/.rm/KoviD-master/src/kovid.o
In file included from /home/xx/.rm/KoviD-master/src/kovid.c:26:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
CC [M] /home/xx/.rm/KoviD-master/src/pid.o
In file included from /home/xx/.rm/KoviD-master/src/pid.c:17:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:175:20: warning: ‘kv_hide_str_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_str_on_load[] = {
 ^~~~~~~
CC [M] /home/xx/.rm/KoviD-master/src/fs.o
In file included from /home/xx/.rm/KoviD-master/src/fs.c:18:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:175:20: warning: ‘kv_hide_str_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_str_on_load[] = {
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:167:20: warning: ‘kv_hide_ps_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_ps_on_load[] = {
 ^~~~~~
CC [M] /home/xx/.rm/KoviD-master/src/sys.o
In file included from /home/xx/.rm/KoviD-master/src/sys.c:19:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/sys.c: In function ‘m_bpf’:
/home/xx/.rm/KoviD-master/src/sys.c:242:2: warning: #warning "Using old __bpf_map_get" [-Wcpp]
 #warning "Using old __bpf_map_get"
 ^~~
/home/xx/.rm/KoviD-master/src/sys.c: In function ‘m_execve’:
/home/xx/.rm/KoviD-master/src/sys.c:34:26: warning: initialization makes pointer from integer without a cast [-Wint-conversion]
 #define PT_REGS_PARM2(x) ((x)->si)
 ^
/home/xx/.rm/KoviD-master/src/sys.c:362:49: note: in expansion of macro ‘PT_REGS_PARM2’
 struct user_arg_ptr argvx = { .ptr.native = PT_REGS_PARM2(regs) };
 ^~~~~
/home/xx/.rm/KoviD-master/src/sys.c:34:26: note: (near initialization for ‘argvx.ptr.native’)
 #define PT_REGS_PARM2(x) ((x)->si)
 ^
/home/xx/.rm/KoviD-master/src/sys.c:362:49: note: in expansion of macro ‘PT_REGS_PARM2’
 struct user_arg_ptr argvx = { .ptr.native = PT_REGS_PARM2(regs) };
 ^~~~~
/home/xx/.rm/KoviD-master/src/sys.c: At top level:
/home/xx/.rm/KoviD-master/src/sys.c:454:9: note: #pragma message: tcp6_seq_show untested
 #pragma message "tcp6_seq_show untested"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/sys.c:469:9: note: #pragma message: udp6_seq_show untested
 #pragma message "udp6_seq_show untested"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/sys.c: In function ‘_tty_write_log’:
/home/xx/.rm/KoviD-master/src/sys.c:621:5: warning: ISO C90 forbids variable length array ‘ttybuf’ [-Wvla]
 char ttybuf[len+16];
 ^~~~
In file included from /home/xx/.rm/KoviD-master/src/sys.c:19:0:
At top level:
/home/xx/.rm/KoviD-master/src/lkm.h:175:20: warning: ‘kv_hide_str_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_str_on_load[] = {
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:167:20: warning: ‘kv_hide_ps_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_ps_on_load[] = {
 ^~~~~~
CC [M] /home/xx/.rm/KoviD-master/src/sock.o
In file included from /home/xx/.rm/KoviD-master/src/sock.c:21:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:175:20: warning: ‘kv_hide_str_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_str_on_load[] = {
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:167:20: warning: ‘kv_hide_ps_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_ps_on_load[] = {
 ^~~~~~
CC [M] /home/xx/.rm/KoviD-master/src/util.o
In file included from /home/xx/.rm/KoviD-master/src/util.c:16:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:175:20: warning: ‘kv_hide_str_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_str_on_load[] = {
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:167:20: warning: ‘kv_hide_ps_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_ps_on_load[] = {
 ^~~~~~
CC [M] /home/xx/.rm/KoviD-master/src/vm.o
In file included from /home/xx/.rm/KoviD-master/src/vm.c:4:0:
/home/xx/.rm/KoviD-master/src/lkm.h:12:9: note: #pragma message: !!! Be careful: Build kovid in DEBUG mode !!!
 #pragma message "!!! Be careful: Build kovid in DEBUG mode !!!"
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:175:20: warning: ‘kv_hide_str_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_str_on_load[] = {
 ^~~~~~~
/home/xx/.rm/KoviD-master/src/lkm.h:167:20: warning: ‘kv_hide_ps_on_load’ defined but not used [-Wunused-variable]
 static const char *kv_hide_ps_on_load[] = {
 ^~~~~~
LD [M] /home/xx/.rm/KoviD-master/kovid.o
Building modules, stage 2.
MODPOST 1 modules
CC [M] /home/xx/.rm/KoviD-master/kovid.mod.o
LD [M] /home/xx/.rm/KoviD-master/kovid.ko
make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-152-generic'
```

carloslack commented 6 months ago

I see no issues from the build; show your dmesg when loading the module. Remember that you need to kill to activate the proc entry after loading the module.