Linux and Security Practice II

Linux and Security Practice II

Basic kernel Modules

20135238 Ching

1. Understanding Module Principles

Linux modules are a collection of functions and data types that can be compiled as standalone programs. The module mechanism is provided because Linux itself is a single core. Single core because all content is integrated and efficient, but scalability and maintainability is relatively poor, the module mechanism can compensate for this flaw.

Linux modules can be loaded into the kernel space by static or dynamic methods, and static loading refers to loading during kernel boot, and dynamic loading means loading at any time during kernel running.

When a module is loaded into the kernel, it becomes part of the kernel code. When the module is loaded into the system, the system modifies the symbol table in the kernel, adding the resources and symbols provided by the newly loaded module to the kernel symbol table for inter-module communication.

2 , writing module code

Module constructor: The initialization function that is called when the kernel module is loaded by executing a insmod or modprobe instruction. The function prototype must be Module_init (), the function pointer inside the parentheses

Module destructor: The function called when executing the rmmod instruction unload module. Function prototype is module_exit ()

Module License Statement: The function prototype is Module_license (), which tells the kernel which license the program uses, otherwise it will prompt the module to contaminate the kernel when it is loaded. The GPL is generally written.

Header file Module.h, this file must be included;

Header file Kernel.h, containing commonly used kernel functions;

The header file Init.h contains macros _init and _exit, which allow the kernel to free up memory.

Write a simple code to output a piece of text to the kernel.

3 , compile the module

Next write Makefile.

One thing to note here is the kernel version, everyone's virtual machine kernel version may not be very similar, need to do is to check the kernel version (see Command uname-r), check the correct kernel path, in the writing of makefile.

After the makefile has been written and determined to be correct, make the action:

After success, there will be a lot of files in your. c file's directory.

Then, the module loading, testing and viewing modules, unloading modules and other simple basic operations.

Load module: insmod

Unload module: Rmmod

DMESG Viewing the test module: ( Note that D must be lowercase )

4 , implementing the output current process information

Code good after repeating the first step of each step, and finally check the output test status as follows:

5 , read the function of the process chain list

Modified on the basis of modgr2.c, used to output the state of the kernel test and read the process chain list.

As you can see, I used a macro called for_each_process (), which is defined as follows:

is actually a for loop, starting with the first PCB (called Init_task) and reading a circle along the next pointer.

This is followed by the same action as in the first step.

Modifies a makefile that already exists for the third compilation.

To compile:

This side of the load will appear a simple but not easy to find the problem: in their own process has been loaded over the kernel, in the teacher acceptance of the repeated loading module operation will be error, error hints very obvious: file existed, the need for the current uninstall, To successfully execute the Load module operation again .

After the problem is discovered, normal operation can be as follows:

Finally look at the test results:

This practice because the code is a direct reference to the camera, so the whole process is relatively simple, lazy people are still honest, but also very good understanding of the Linux kernel module related basic operations. It's a lot of harvest.

Linux and Security Practice II