Linux用户空间获取系统调用表地址(1)


一、代码及实现

一)用户空间源代码

#include

#include

#include

#include

#include

#include

#include

#include

#include

#define CALLOFF 100 // number of bytes to read (100)

/*
 * Image of the IDTR register, which (per the author) holds the address of
 * the interrupt descriptor table.
 *
 * Packed so the 16-bit limit is followed directly by the base with no
 * padding; with a 32-bit unsigned int the object is 6 bytes.
 * NOTE(review): that is the 32-bit x86 layout. On x86-64 the register image
 * carries a 64-bit base, so anything that stores the full register into this
 * object would write past its end -- confirm the build target.
 */
struct __attribute__((packed)) {
    unsigned short int limit; /* table limit field of the register image */
    unsigned base;            /* address of the descriptor table */
} idtr;

/*
 * One entry of the interrupt descriptor table: an interrupt gate descriptor.
 *
 * Packed so the fields sit back to back (8 bytes in total). The field roles
 * below follow the 32-bit interrupt-gate format the author names; verify them
 * against the code that fills and reads this object.
 */
struct __attribute__((packed)) {
    unsigned short int off1; /* presumably the low 16 bits of the handler offset */
    unsigned short int sel;  /* presumably the segment selector */
    unsigned char none;      /* byte the code does not name a use for */
    unsigned char flags;     /* gate flags byte */
    unsigned short int off2; /* presumably the high 16 bits of the handler offset */
} idt;

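/*
 * Read exactly `size` bytes at byte offset `off` of `fd` into `buf`, using
 * lseek64() followed by read().
 *
 * The author uses this on a descriptor for the kernel-memory device (kmem).
 * Opening that device needs root, and mainline Linux dropped /dev/kmem in
 * 5.13, so on current systems the descriptor cannot be obtained at all.
 *
 * @param fd    open descriptor to read from
 * @param buf   destination; must have room for `size` bytes
 * @param off   absolute byte offset to seek to
 * @param size  number of bytes that must be read
 * @return `size` on success; 0 (after a perror() message) if the seek does
 *         not land on `off` or fewer than `size` bytes are read.
 *
 * The original had no return statement on the success path, so the value the
 * caller stored was indeterminate; success now returns the byte count.
 */
unsigned int old_readkmem(int fd, void *buf, size_t off, unsigned int size)
{
    /*
     * Compare as unsigned 64-bit values: offsets with the top bit set come
     * back from the seek as negative numbers and must still match `off`.
     */
    long long pos = lseek64(fd, (unsigned long long)off, SEEK_SET);
    if ((unsigned long long)pos != (unsigned long long)off) {
        perror("fd lseek error");
        return 0;
    }

    /*
     * Test for -1 before converting: on targets where ssize_t is 32 bits the
     * old `read(...) != size` turned -1 into UINT_MAX and could match `size`.
     */
    ssize_t got = read(fd, buf, size);
    if (got < 0 || (size_t)got != size) {
        perror("fd read error");
        return 0;
    }

    return size;
}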

unsigned long readkmem (int fd, void * buf, size_t off, unsigned int size)//用mmap方式从kmem中读取一定长度内容

{

size_t  moff, roff;

size_t   sz = getpagesize();

char * kmap;

unsigned long ret_old = old_readkmem(fd, buf, off, size); //先用老方法读取,不行再用mmap

