Linux 驱动程序开发

一、hello world

编写hello.c

#include <linux/module.h>

MODULE_LICENSE("GPL");

static int __init syscall_init(void){

    printk("hello world !\n");

    return 0;
}

static void __exit syscall_release(void){

    printk("bye bye !\n");
}

module_init(syscall_init);
module_exit(syscall_release);

编写Makefile

obj-m := hello.o
CURRENT_PATH := $(shell pwd)
LINUX_KERNEL := $(shell uname -r)
LINUX_KERNEL_PATH := /usr/src/linux-headers-$(LINUX_KERNEL)

all:
        make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) modules
clean:
        make -C $(LINUX_KERNEL_PATH) M=$(CURRENT_PATH) clean

编译和测试：

    sudo make

安装模块：

    insmod hello.ko

卸载模块：

    rmmod hello

查看输出信息：

    dmesg 或 tail -f /var/log/syslog

#######################################################################

资料：

syscall函数原型 https://elixir.bootlin.com/linux/v5.0/source/include/linux/syscalls.h

syscall调用号 https://elixir.bootlin.com/linux/v5.0/source/arch/sh/include/uapi/asm/unistd_64.h

syscall参数 http://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/

ftrace hook https://xz.aliyun.com/t/2948

hook in higher kernel version https://stackoverflow.com/questions/48912653/how-to-hook-sys-clone-in-newer-linux-kernel/48965890

                                               https://stackoverflow.com/questions/47115802/hooking-sys-execve-on-linux-kernel-4-6-or-higher

hook方案比较 https://xz.aliyun.com/t/2947

 

 

案例：

https://github.com/sssokar/Proxy

https://github.com/milabs/awesome-linux-rootkits

https://github.com/m0nad/Diamorphine

https://github.com/ronmm/NotAnAV