How to replace a static kernel function without modifying and precompiling the Linux kernel

That's all: I want to know how to replace a static kernel function in a module without changing the Linux kernel. I knew that a Linux hook could replace some functions, but the problem is that I want to replace a static function without changing the Linux kernel. Could you help me? Thanks.

+4
3 answers

As a rule, because the Linux kernel is compiled, replacing / hooking a static function at runtime is not possible (with the exception of unloading / reloading the entire module, if you are talking about module code).

This is because the compiler inlines static functions most of the time (unless you take their address somewhere), and therefore they will not appear in the symbol table. After compilation, there is no way to find out where in the generated binary code the static code ended up - it is unlikely that you will find several built-in versions of it in all sites calling func.

So, the main question: why should the function be static? What exactly are you trying to do, and does it require the use of static?

+4

If it is really compiled as a module (not built-in), just recompile the code, rmmod the module and insmod the new .ko file. Easy as ... some kind of cookie with a cliché.

+1

In general, you can use some of these methods:

  • kprobes / jprobes, which allow you to hook a function using int3
  • changing the function code (for example, the prologue) to jump to your handler and return later

If you don't want to change the kernel code at all, you can configure debug registers and monitor access exceptions (in the exception handler, of course). In addition, you can try to find and invalidate some internal kernel variables, so that accessing them from the kernel causes an invalid pointer dereference exception. In this case, you can handle such an exception and perform backtracing to reach the target function.

0
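The symbol-table point in the first answer can be checked before anything else: a static function that kept an out-of-line copy appears in /proc/kallsyms as a local text symbol (`t`), one that was split by the compiler appears only under suffixed names, and one that was inlined everywhere has no entry at all. The following is an added example, not code from any of the answers; it classifies a name against text in kallsyms format, and the sample table, addresses and `demo_*` names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/kallsyms format: "<address> <type> <name>".
 * Addresses and function names are made up for illustration. */
static const char SAMPLE[] =
    "ffffffff81000000 T demo_exported\n"
    "ffffffff81000100 t demo_static_kept\n"
    "ffffffff81000200 t demo_static_split.isra.0\n"
    "ffffffff81000280 t demo_static_split.cold\n"
    "ffffffff81000300 d demo_static_kept_data\n";

enum sym_kind { SYM_ABSENT, SYM_CLONES_ONLY, SYM_LOCAL, SYM_GLOBAL };

/* Classify `name` among the text symbols ('t' local, 'T' global).
 * *clones counts compiler-generated variants such as name.isra.0 or
 * name.cold, which are separate symbols with their own addresses. */
enum sym_kind classify_symbol(const char *table, const char *name, int *clones)
{
    enum sym_kind kind = SYM_ABSENT;
    size_t len = strlen(name);
    char type, sym[128];
    unsigned long long addr;

    *clones = 0;
    for (const char *p = table; *p; ) {
        if (sscanf(p, "%llx %c %127s", &addr, &type, sym) == 3 &&
            (type == 't' || type == 'T') && strncmp(sym, name, len) == 0) {
            if (sym[len] == '\0')            /* exact match */
                kind = (type == 'T') ? SYM_GLOBAL : SYM_LOCAL;
            else if (sym[len] == '.')        /* suffixed clone */
                (*clones)++;
        }
        p += strcspn(p, "\n");               /* advance to end of line */
        if (*p == '\n') p++;
    }
    if (kind == SYM_ABSENT && *clones > 0)
        kind = SYM_CLONES_ONLY;
    return kind;
}

int main(void)
{
    const char *names[] = { "demo_exported", "demo_static_kept",
                            "demo_static_split", "demo_static_inlined" };
    for (int i = 0; i < 4; i++) {
        int clones, kind = classify_symbol(SAMPLE, names[i], &clones);
        printf("%-20s kind=%d clones=%d\n", names[i], kind, clones);
    }
    return 0;
}
```

A result of SYM_ABSENT means there is no single address to attach a probe to, which is the situation the first answer describes.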
