iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Apache License 2.0

anyone know how to get the argv from pt_regs in execve hook #3054

Open danielhaish opened 4 years ago

danielhaish commented 4 years ago

I built a hook for the execve system call and tried to copy the bp register (I saw it in the assembly of a user-space program) from the struct and then copy from the first address, but it is always empty. This is my code:

```c
copy_from_user(mid, tr->bp, 1);
strncpy_from_user(argv, mid[0], 100);
argv[99] = '\0';
printk("cccc:%s\n", argv);
```

But when I run, for example, `python3 b.py`, I don't see `b.py` in the kernel log, although I am able to get the file being executed, in this case `python3`, from the bx register.

yonghong-song commented 4 years ago

Could you share the complete code so folks here can help? It is not clear why you are copying bp register. copy_from_user(mid, tr->bp, 1) you are only copying one byte here and later on to access it as an array pointer. This does not sound right. Are you using x86 architecture or something else?

danielhaish commented 4 years ago

> Could you share the complete code so folks here can help? It is not clear why you are copying bp register. copy_from_user(mid, tr->bp, 1) you are only copying one byte here and later on to access it as an array pointer. This does not sound right. Are you using x86 architecture or something else?

Well, the argv argument to the sys_execve system call is sent in the ebp register, and it is an array of arrays, so I first need to copy the first address of the array and then copy the string from there. So I copied the first address, then accessed it and copied the string from it. And yes, I am using x86, but it doesn't matter because it runs on the OS. In addition, I tried copying different sizes, and I also must say that it works fine for the envp argument in the cx register.
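As an added example (not code from this issue or from bcc's own tools), here is how an execsnoop-style BCC program reads argv without touching registers by hand: BCC's `syscall__execve` prototype delivers the syscall arguments as C parameters, the BPF side probe-reads each `argv[i]` pointer in full (`sizeof(argp)`, not one byte) and only then probe-reads the string it points to, and the user-space half splits the fixed-size buffer. `MAX_ARGS`, `ARG_LEN`, `data_t` and `decode_args` are names chosen for this example.

```python
MAX_ARGS, ARG_LEN = 4, 64  # assumed limits; 4*64+8 bytes keeps data_t under the 512-byte BPF stack

# BPF side. BCC rewrites syscall__execve() so the syscall arguments arrive as C
# parameters, whichever register or nested pt_regs the running kernel uses.
BPF_TEXT = r"""
#include <uapi/linux/ptrace.h>
#define MAX_ARGS %d
#define ARG_LEN  %d
struct data_t { u32 pid; u32 argc; char argv[MAX_ARGS * ARG_LEN]; };  // argv[i] at i * ARG_LEN
BPF_PERF_OUTPUT(events);

int syscall__execve(struct pt_regs *ctx, const char __user *filename,
                    const char __user *const __user *__argv,
                    const char __user *const __user *__envp)
{
    struct data_t data = {};
    data.pid = bpf_get_current_pid_tgid() >> 32;
#pragma unroll
    for (int i = 0; i < MAX_ARGS; i++) {
        const char *argp = NULL;
        // argv is a char *[]: copy the whole pointer (sizeof(argp) bytes, not 1) ...
        if (bpf_probe_read_user(&argp, sizeof(argp), (void *)&__argv[i]) < 0 || !argp)
            break;
        // ... then copy the NUL-terminated string that pointer refers to
        if (bpf_probe_read_user_str(&data.argv[i * ARG_LEN], ARG_LEN, argp) < 0)
            break;
        data.argc = i + 1;  // entries actually captured
    }
    events.perf_submit(ctx, &data, sizeof(data));
    return 0;
}
""" % (MAX_ARGS, ARG_LEN)

def decode_args(argv_blob, argc):
    """User-space half: split the fixed-size argv buffer into one string per captured entry."""
    args = []
    for i in range(min(argc, MAX_ARGS)):
        chunk = argv_blob[i * ARG_LEN:(i + 1) * ARG_LEN]
        args.append(chunk.split(b"\0", 1)[0].decode("utf-8", "replace"))
    return args

def main():
    from bcc import BPF  # imported lazily: loading the program needs root and kernel headers
    b = BPF(text=BPF_TEXT)
    b.attach_kprobe(event=b.get_syscall_fnname("execve"), fn_name="syscall__execve")
    def on_event(cpu, data, size):
        ev = b["events"].event(data)
        print(ev.pid, decode_args(ev.argv.raw, ev.argc))  # e.g. 1234 ['python3', 'b.py']
    b["events"].open_perf_buffer(on_event)
    while True: b.perf_buffer_poll()

if __name__ == "__main__":
    main()
```

Run as root (`sudo python3 execargv.py`) and start `python3 b.py` in another shell; the second argv entry is `b.py`, the value the original hook never saw because it copied only one byte of the pointer.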