Interacting with Kernel Modules

Character devices

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>

#define KERN_MODULE "/dev/kernel-overflow"
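/*
 * Open the module's character device and close it again.
 *
 * Returns 0 once the device has been opened and closed; exits with
 * status -1 (after printing the reason) if open() fails.
 */
int main(void)
{
    /*
     * The module is exposed as a device node, so user space reaches it
     * through the ordinary file API: open(2) here, then read(2)/write(2)
     * on the returned descriptor.
     */
    int fd = open(KERN_MODULE, O_RDWR);
    if (fd < 0) {
        /* Report errno: a missing node and a permission error need different fixes. */
        perror(KERN_MODULE);
        exit(-1);
    }

    close(fd);
    return 0;
}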
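/*
 * Read one BUF_SIZE-byte block from the device behind fd, dump it to stdout
 * one word per line, and return the word at index cookie_offset, which this
 * page treats as the stack cookie.
 *
 * fd: descriptor for the module's device node, opened by the caller.
 *
 * Returns buf[cookie_offset]. Allocation failure, a failed read() and a read
 * too short to cover that word are reported through exit_and_log(), which is
 * defined outside this listing and is presumed not to return.
 *
 * NOTE(review): cookie_offset = 16 is hard-coded with no derivation shown
 * here; it presumably matches one specific module build - confirm before
 * reusing.
 */
unsigned long do_read(int fd)
{
    const unsigned int cookie_offset = 16;  /* index into buf, in words */
    unsigned long stack_cookie;
    unsigned long *buf;
    ssize_t bytes_read;

    /*
     * calloc() returns zeroed memory, so any bytes the device does not fill
     * are dumped as 0 rather than as stale heap contents.
     */
    buf = calloc(1, BUF_SIZE);
    if (buf == NULL) exit_and_log("Failed to malloc\n");

    bytes_read = read(fd, buf, BUF_SIZE);
    if (bytes_read < 0) exit_and_log("Failed to read\n");

    /*
     * The word handed back must lie inside what read() actually delivered.
     * read() never returns more than BUF_SIZE, so this also keeps the index
     * inside the allocation.
     */
    if ((size_t)bytes_read < (cookie_offset + 1) * sizeof(*buf))
        exit_and_log("Short read\n");

    /*
     * Print every word of the buffer with its byte offset.
     * NOTE(review): indexing buf[i] while labelling i * WORD_SIZE assumes
     * WORD_SIZE == sizeof(unsigned long) (8 on LP64) - confirm.
     */
    for (size_t i = 0; i < BUF_SIZE / WORD_SIZE; i++) {
        printf("buf + 0x%X\t: %lX\n", (unsigned int)(i * WORD_SIZE), buf[i]);
    }

    stack_cookie = buf[cookie_offset];
    free(buf);

    return stack_cookie;
}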
