A Linux device driver code that can be used to practice various exploit exploits.
First, the device driver
/* DEMO.C */
#include <linux/cdev.h>
#include <linux/device.h>
#include <asm/uaccess.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/fs.h>
Module_license ("Dual BSD/GPL");
#define DEMO_MAJOR 255
#define Demo_minor 0
#define DEMO_COUNT 1
dev_t dev = 0;
U32 demo_major = 0;
U32 Demo_minor = 0;
struct Cdev Demo_cdev;
struct class *dev_class = NULL;
struct device *dev_device = NULL;
int Demo_open (struct inode* inode, struct file *filp) {
PRINTK ("Enter Demo_open () \ n");
return 0;
}
ssize_t demo_read (struct file *filp, char __user *buf, size_t count, loff_t *offset) {
Char s[10] = {0};
PRINTK ("Enter Demo_read () \ n");
/* ADD CODE here */
Copy_from_user (S, buf, sizeof (s)-1);
PRINTK ("read from userspace =%s \ n", s);
return 0;
}
ssize_t demo_write (struct file *filp, const char __user *buf, size_t count, loff_t *offset) {
PRINTK ("Enter demo_write () \ n");
return 0;
}
/*
int Demo_ioctl (struct inode *inode, struct file *filp, unsigned int cmd, unsigned Long data)
{
PRINTK ("Enter Demo_ioctl () \ n");
return 0;
}
*/
int demo_release (struct inode *inode, struct file *filp) {
PRINTK ("Enter demo_release () \ n");
return 0;
}
struct File_operations demo_fops = {
. Owner = This_module,
. open = Demo_open,
. Read = Demo_read,
. write = Demo_write,
/*.ioctl = demo_ioctl,*/
. Release = Demo_release,
};
int __init demo_init (void) {
int ret = 0;
PRINTK ("Enter Demo_init () \ n");
if (demo_major) {
dev = MKDEV (demo_major, Demo_minor);
ret = register_chrdev_region (Dev, Demo_count, "Demo_demo");
} else {
ret = Alloc_chrdev_region (&dev, Demo_minor, Demo_count, "demo_demo02");
}
if (Ret < 0) {
PRINTK ("Register_chrdev_region failed!\n");
Goto Fail_register_chrdev;
}
Demo_major = major (Dev);
PRINTK ("demo_major =%d\n", demo_major);
Cdev_init (&demo_cdev, &demo_fops);
ret = Cdev_add (&demo_cdev, Dev, demo_count);
if (Ret < 0) {
PRINTK ("Cdev_add failed!\n");
Goto Fail_cdev_add;
}
Dev_class = Class_create (This_module, "Demo_class");
if (Is_err (Dev_class)) {
PRINTK ("Class_create failed!\n");
ret = Ptr_err ("Dev_class");
Goto Fail_class_create;
}
Dev_device = device_create (Dev_class, null, dev, null, "demo%d", Demo_minor);
if (Is_err (Dev_device)) {
PRINTK ("Device_create failed!\n");
ret = Ptr_err (dev_device);
Goto Fail_device_create;
}
return 0;
Fail_device_create:
Class_destroy (Dev_class);
Fail_class_create:
Cdev_del (&demo_cdev);
Fail_cdev_add:
Unregister_chrdev_region (Dev, demo_count);
Fail_register_chrdev:
return ret;
}
void __exit demo_exit (void) {
PRINTK ("Enter demo_exit () \ n");
Device_destroy (Dev_class, Dev);
Class_destroy (Dev_class);
Cdev_del (&demo_cdev);
Unregister_chrdev_region (Dev, demo_count);
}
Module_init (Demo_init);
Module_exit (Demo_exit);
Ii.. Makefile Documents
/* Makefile */
Ifneq ($ (kernelrelease),)
Obj-m: = demo.o
Else
Kerneldir =/lib/modules/$ (Shell uname-r)/build
PWD: = $ (shell pwd)
Default
$ (make)-C $ (Kerneldir) m=$ (PWD) modules
endif
Clean
RM-RF *.o *~ core depend. *.cmd *.ko *.mod.c. Tmp_versions Modules.order module.symvers
Third, driver installation script
/* setup.sh */
Rmmod Demo
Insmod./demo.ko
chmod 666/dev/demo0
Four, simple test
/* CLIENT.C */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
Int
Main (int arg, char **argv) {
Char *s = (char*) malloc (20);
memcpy (S, "Hello driver.", 10);
int FD =-1;
if ( -1 = = (FD = open ("/dev/demo0", O_rdonly))) {
Perror ("open");
Return (-1);
}
Read (FD, s, 0, 0);
System ("/bin/sh");
return (0);
}
V. Test results
Kiiim@ubuntu : ~/__demo_driver$./client
Kiiim@ubuntu : ~/__demo_driver$ dmesg
......
[4405.506553] Enter Demo_init ()
[4405.506558] Demo_major = 247
[4408.702358] Enter Demo_open ()
[4408.702365] Enter Demo_read ()
[4408.702366] read from userspace = Hello dri
[4408.702527] Enter demo_release ()
Kiiim@ubuntu : ~/__demo_driver$
Linux device drivers