Comment on page
Interacting with Kernel Modules

Character devices
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
​
#define KERN_MODULE "/dev/kernel-overflow"
void main()
{
    /*
     * Interacting with this kernel module is easy
     * just treat it like a file
     */
​
    int fd;
    unsigned long stack_cookie;
​
    fd = open(KERN_MODULE, O_RDWR);
    if (fd < 0) exit(-1);
    
    close(fd);
    
}
unsigned long do_read(int fd)
{
    int bytes_read;
    unsigned long * buf = NULL;
    unsigned long stack_cookie;
    unsigned int cookie_offset = 16;
​
    buf = malloc(BUF_SIZE);
    if (buf == NULL) exit_and_log("Failed to malloc\n");
---
    memset(buf, '\x00', BUF_SIZE);
​
    bytes_read = read(fd, buf, BUF_SIZE);
​
    /*
     * For every 8 bytes read, print them
     */
    for(int i =0; i <(BUF_SIZE / WORD_SIZE);i++)
    {
        printf("buf + 0x%X\t: %lX\n",i*WORD_SIZE, buf[i]);        
    }
​
    stack_cookie = buf[cookie_offset];
    free(buf);
​
    return stack_cookie; 
}
Setup
Kernel stack cookies
Last modified 2yr ago