Linux用户空间获取系统调用表地址(1)
Linux用户空间获取系统调用表地址(1)
一、代码及实现
一)用户空间源代码
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define CALLOFF 100 //读取100字节
struct {
unsigned short limit;
unsigned int base;
} __attribute__ ((packed)) idtr; //这个结构表示IDTR寄存器,这个寄存器中保存中断描述符表 的地址
struct {
unsigned short off1;
unsigned short sel;
unsigned char none,flags;
unsigned short off2;
} __attribute__ ((packed)) idt; //中断描述符表中的内容:中断门描述符
unsigned int old_readkmem (int fd, void * buf,size_t off,unsigned int size) //用read方式读取kmem中一定长度内容
{
if (lseek64(fd, (unsigned long long)off,SEEK_SET)!=off)
{
perror("fd lseek error");
return 0;
}
if (read(fd, buf,size)!=size)
{
perror("fd read error");
return 0;
}
}
unsigned long readkmem (int fd, void * buf, size_t off, unsigned int size)//用mmap方式从kmem中读取一定长度内容
{
size_t moff, roff;
size_t sz = getpagesize();
char * kmap;
unsigned long ret_old = old_readkmem(fd, buf, off, size); //先用老方法读取,不行再用mmap
评论暂时关闭