m0nad / Diamorphine

LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x/6.x (x86/x86_64 and ARM64)

Adding sys_close variable assignment for systems running a kver post sys_close removal. #12

Closed selftaught closed 4 years ago

selftaught commented 5 years ago

sys_close was removed from the kernel and replaced with ksys_close and an exported symbol (__close_fd). Here's the patch which removed the availability of sys_close: https://lore.kernel.org/patchwork/patch/937297/

Without this on my localhost, I get an error when running make:

/usr/bin/make -C /lib/modules/4.18.19-100.fc27.x86_64/build M=/home/th3v0id/Personal/Repos/Diamorphine modules
make[1]: Entering directory '/usr/src/kernels/4.18.19-100.fc27.x86_64'
  CC [M]  /home/th3v0id/Personal/Repos/Diamorphine/diamorphine.o
/home/th3v0id/Personal/Repos/Diamorphine/diamorphine.c: In function ‘get_syscall_table_bf’:
/home/th3v0id/Personal/Repos/Diamorphine/diamorphine.c:42:30: error: ‘sys_close’ undeclared (first use in this function); did you mean ‘ksys_close’?
  for (i = (unsigned long int)sys_close; i < ULONG_MAX;
                              ^~~~~~~~~
                              ksys_close
/home/th3v0id/Personal/Repos/Diamorphine/diamorphine.c:42:30: note: each undeclared identifier is reported only once for each function it appears in
make[2]: *** [scripts/Makefile.build:324: /home/th3v0id/Personal/Repos/Diamorphine/diamorphine.o] Error 1
make[1]: *** [Makefile:1509: _module_/home/th3v0id/Personal/Repos/Diamorphine] Error 2
make[1]: Leaving directory '/usr/src/kernels/4.18.19-100.fc27.x86_64'
make: *** [Makefile:7: all] Error 2

Here's my uname -a output:

Linux 90h 4.18.19-100.fc27.x86_64 #1 SMP Wed Nov 14 22:04:34 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

After applying this change, the build completes successfully:

/usr/bin/make -C /lib/modules/4.18.19-100.fc27.x86_64/build M=/home/th3v0id/Personal/Repos/Diamorphine modules
make[1]: Entering directory '/usr/src/kernels/4.18.19-100.fc27.x86_64'
  CC [M]  /home/th3v0id/Personal/Repos/Diamorphine/diamorphine.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/th3v0id/Personal/Repos/Diamorphine/diamorphine.mod.o
  LD [M]  /home/th3v0id/Personal/Repos/Diamorphine/diamorphine.ko
make[1]: Leaving directory '/usr/src/kernels/4.18.19-100.fc27.x86_64'

m0nad commented 5 years ago

Thanks for your contribution! But I think this is a duplicate of #10. I tested the #10 PR on kernel 4.18.0 and, although it compiles, it returns a segmentation fault when loaded.