Practice two--building a module

Source: Internet
Author: User

Kernel module Programming
    • Basic structure of kernel modules

The program structure of the Linux kernel module is: module load function (must), module unload function (must), module license Declaration (must), module parameter (optional), module export symbol ( optional), The module author's information declaration (optional).

A kernel module should contain at least two functions. A "Start" (initialize) function is called init_module () insmod load is executed and there is an "end" The function (to complete the function opposite to the module load function) is called the cleanup_module () rmmod unloaded when it was executed. In fact, from the kernel version 2.3.13 At the beginning we can name the start and end functions arbitrarily. This can be done through the macro module_init () Span style= "FONT-FAMILY:CALIBRI;" >module_exit () implementation, it should be noted that the function must be defined before the use of the macro, or there will be a compilation error.


Module License Declaration describes the license permissions for the kernel module in the format module_license ("Dual bsd/gpl") linux acceptable license " GPL "," GPL v2 ", Span style= "FONT-FAMILY:CALIBRI;" > "GPL and additional rights" , " Dual BSD/GPL " , Can not be added, the system defaults. If you do not declare license When the module is loaded, it will receive a warning from the kernel.

The module parameter is "the value that can be passed to the module when the module is loaded", which itself corresponds to all the variables inside the module. can use module_param ( parameter name , argument type , read / Write permission ) Define a parameter for the module.

Kernel modules can export symbols (symbol, corresponding to a function or variable )so that other modules can use the variables and functions in this module. the /proc/kallsyms file corresponds to the kernel symbol table, which records the symbol and the memory address where the symbol is located.

The module can use the following macros to export symbols to the kernel symbol table:

Export_symbol ( symbol name );

EXPORT_SYMBOL_GPL (in accordance with the name ); just for the GPL license module.

The exported conformance will be available for use by other modules, which can be used before declaring the following.

Module author's information statement:

Module_autor (" author information ");

Module_description (" module description information ");

Module_version (" version information ");

Module_alias (" alias information ");

Module_device_table (" equipment table information ");

For device drivers such as USB,PCI, a module_device_table is typically created that represents the list of devices supported by the driver.

    • Basic steps for writing kernel modules

1, according to their own needs to write the kernel module source code

2.compile the source code to generate a . ko file

Makefileis required when compiling kernel modules.

Obj-m: =SYSCALL.O myname.o procadd.o FORTUNE.O

PWD: = $ (shell pwd)



Make-c $ (Kdir) m=$ (PWD) modules


Make-c $ (Kdir) m=$ (PWD) Clean

Obj-m: This variable specifies the module to be compiled

Kdir: This is the operating system kernel compilation directory that we are running, that is, the environment required for compiling the module

PWD: This is the current working path, and$ (shell) is A built-in function of make to execute shell commands

Note: To place the Makefile file in the same folder as the four kernel module source code.

3. loading module with insmod command

4. Test Kernel module function

5. uninstalling the module with the rmmod command

    • Kernel module Programming-system call

(1) design ideas

First, you must know the address of the system call table can be replaced, you can directly use the terminal command "cat/proc/kallsyms |grep sys_call_table" to get the native system call table address, I get the system call table address is 0xc1539160. You can view the system call table by looking at the file and view the/usr/src/linux-headers-3.0.0-17/arch/x86/include/asm/unistd_32.h file to see the 223 in the system call table clearly is empty.

The CR0 of the nth position will prohibit the super-privilege, and if cleared, the Super permission is allowed. The super privilege here, of course, includes permission to write to the kernel space. In this way, I can write a zero before writing, so that I can write, and then finish, and then restore the one again.

With this I can replace the 223 in the system call table with my own system call. The system call I added is a function that prints the PID and name of the current process.

Module load function static int __init call_init (void): First save the system call table The system call of the position, and then with static int clear_cr0 (void) clear 0 cr0 16th, make the kernel space writable, in the case of kernel space writable with your own system call asmlinkage long Sys_mycall (void) replace 223 after the replacement is complete. cr0 16th bit position static void Setback_cr0 (int val)

module unload function static void __exit call_exit (void): 16th bit of 0 cr0 with static int clear_cr0 (void) , Makes the kernel space writable, restores the saved system call anything_saved , and then resets the cr0 16th bit to static void after completion setback _CR0 (int val).

(2) source code

#include <linux/kernel.h>

#include <linux/init.h>

#include <linux/module.h>

#include <linux/unistd.h>

#include <linux/sched.h>

Module_license ("GPL");

#define Sys_call_table_address 0xc1539160// sys_call_table extracted from /proc/kallsyms the corresponding address

#define NUM 223// system call number is 223

int orig_cr0; used to store The original value of the CR0 register

unsigned long *sys_call_table_my = 0;

static int (*anything_saved) (void); defines a function pointer that is used to hold a system call

static int clear_cr0 (void)// causes the cr0 Register to be set to 0 ( that is, the kernel-space writable )


unsigned int cr0 = 0;

unsigned int ret;

ASM volatile ("Movl%%cr0,%%eax": "=a" (CR0)); Move the value of the cr0 Register to the eax Register and output to the cr0 variable

ret = CR0;

CR0 &= 0xfffeffff; Clear 0 of the value of the cr0 variable , and one will write the modified value to cr0 Register Device

ASM volatile ("Movl%%eax,%%cr0":: "A" (CR0)); Enter the value of the CR0 variable as input into the register eax and move to the register cr0

return ret;


static void Setback_cr0 (int val)// make cr0 Register non-writable


ASM volatile ("Movl%%eax,%%cr0":: "A" (Val));


Asmlinkage long Sys_mycall (void)// Define your own system call


PRINTK (" module system call - current pid:%d, current comm:%s\n", Current->pid, current- >COMM);

Return current->pid;


static int __init call_init (void)


Sys_call_table_my = (unsigned long*) (sys_call_table_address);

PRINTK ("call_init.......\n");

anything_saved = (int (*) (void))) (Sys_call_table_my[num]); Save system calls on NUM Locations in the system call table

ORIG_CR0 = Clear_cr0 (); make the kernel address space writable

Sys_call_table_my[num] = (unsigned long) &sys_mycall; Replace system calls on NUM locations with your own system calls

SETBACK_CR0 (ORIG_CR0); make the kernel address space non-writable

return 0;


static void __exit call_exit (void)


PRINTK ("call_exit..........\n");

ORIG_CR0 = Clear_cr0 ();

Sys_call_table_my[num] = (unsigned long) anything_saved; Restoring a system call



Module_init (Call_init);

Module_exit (Call_exit);

Module_author ("Qianxintong");

Module_version ("v1.0");

Module_description ("A module for replace a syscall");

(3) test results

Because it replaces the system calls within the system with its own system call, you can write a simple applet to test the system call. The test program I wrote is syscalltry, the source code is as follows:

#include <stdio.h>

#include <stdlib.h>

int main ()


unsigned long x = 0;

x = Syscall (223); Test 223 number system call

printf ("Hello,%ld\n", X);

return 0;


Run this program to test system calls.

Practice two--building a module

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.