Notes /
KernelDataStructuresInvestigating Kernel Data StructuresJanuary 06, 2015 The ProblemFor some reason the So my next attempt will be to take a closer look at those structures, starting with the rather monstrous Preliminary SetupI am going to use QEMU to run a virtual machine of Create a drive (10G was not sufficient):
Install OS on drive: host> qemu-system-x86_64 -enable-kvm -hda drive-name.img -cdrom ~/ubuntu-10.04.4-server-amd64.iso -m 1024 -boot d Follow the normal installation path. So bloody easy. To run without the "cdrom" in ( host> qemu-system-x86_64 -enable-kvm -hda drive-name.img -m 1024 Take a snapshot if you would like: qemu-img create -f qcow2 -b drive-name.img snapshot.img From now on you should use The rest is being run from inside the VM. To do anything useful, I'll need to install some software packages: guest> sudo apt-get update guest> sudo apt-get upgrade guest> sudo apt-get install build-essential emacs git-core libncurses5-dev kernel-package Update grub so that the resolution is better, and so that you see different kernel options: guest> sudo emacs /etc/default/grub Change the following lines: GRUB_HIDDEN_TIMEOUT= GRUB_CMDLINE_LINUX_DEFAULT="splash vga=792" guest> sudo update-grub Adding a Syscall
Log buffer length is now a config option. Fortunately for me, adding a syscall to the kernel is a OS course staple. Unfortunately, I want the syscall code itself to actually be handled by a kernel module, which is less standard. This is usually a bad idea, since the module may or not be loaded. First, grab your kernel's source: guest> wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.2.55.tar.gz guest> gunzip linux-3.2.55.tar.gz guest> tar -xvf linux-3.2.55.tar More recent kernels have a more streamlined way to deal with I am using the 3.2.55 kernel, so the process is a bit more redundant. Edit Update the number of Syscalls extern the table? Building / TestingFrom the linux source directory. I really need to figure out what I can deselect in guest> fakeroot make-kpkg --initrd --revision=3.2.55.task kernel_image guest> sudo rm -rf /lib/modules/3.2.55/* guest> sudo dpkg -i ../linux-image-3.2.55_3.2.55.task_amd64.deb guest> sudo update-initramfs -c -k all guest> sudo update-grub guest> sudo update-grub2 I need to add all of the code here. The kernel module / syscall intercept is interesting enough I think. Unfortunately investigating |