LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
查看: 946|回复: 0

我写的一个内核程序不知道怎么改,求助高手

[复制链接]
发表于 2006-11-27 09:41:46 | 显示全部楼层 |阅读模式
这是错误:
[root@localhost kernelstudy]# gcc -DMODULE -DLINUX -D__KERNEL__ -I /usr/src/linux-2.4/include/ -O2 -c syscall.c
syscall.c:38: two or more data types in declaration of `idt48'
syscall.c: In function `real_handler':
syscall.c:66: `__NR__execve' undeclared (first use in this function)
syscall.c:66: (Each undeclared identifier is repo


代码:
#ifndef MODULE
#define MODULE
#endif

#ifndef __KERNEL__
#define __KERNEL__
#endif

#ifndef NULL
#define NULL 0L
#endif

#include<linux/module.h>
#include<asm/unistd.h>
#include<linux/unistd.h>
#include<linux/kernel.h>
#include<linux/slab.h>
MODULE_LICENSE("GPL");

void new80_handle();
static unsigned long old80_handle;
extern char *getname(const char *filename);
extern kmem_cache_t *names_cachep;

static unsigned long eax,ebx,ecx;
struct descriptor_idt
{
     unsigned short offset_low;
     unsigned short ignore1;
     unsigned short ignore2;
     unsigned short offset_high;
}

static struct{
       unsigned short limit;
       unsigned long  base;
} __attribute__ ((packed)) idt48;

static void puppet_handle(void)
{
   __asm__(
        ".type new80_handle,@function\n"
        ".align 4\n"
        "new80_handle:\n"
        "pusha \n"
        "pushl %%es/n"
        "pushl %%ds/n"
        "movl %%eax,%0\n"
        "movl %%ebx,%1\n"
        "movl %%ecx,%2\n"
        "call real_handler \n"

        "popl %%ds\n"
        "popl %%es\n"
        "popa \n"
        "jmp *old80_handle"

        ::"m"(eax),"m"(ebx),"m"(ecx)
        );

}
static void real_handler()
{
      char *pName=NULL;
      if(eax==__NR__execve)
        {
             pName=getname((char*)ebx);
            
             if(pName)
               {
                  printk("the program is %s.\n",pName);
                  kmem_cache_free(names_cachep,(void*)(pName));
               }
        }
       else if(eax==0x200)
        {
            
            printk("eax=0x%x,ebx=0x%x,ecx=0x%x\n",eax,ebx,ecx);
        }
}
int init_module(void)
{
    __asm__ __volatile__("sidt%0":"=m"(idt48));
    struct descriptor_idt *pIdt80;
     pIdt80=(struct descriptor_idt*)(idt48.base+8*0x80);
    old80_handle=(pIdt80->offset_high<<16|pIdt80->offset_low);
    unsigned long new80_addr=(unsigned long)new80_handle;
    pIdt80->offset_low=(unsigned short )(new80_addr & 0x0000ffff);
    pIdt80->offset_high+(unsigned short)(new80_addr>>16);
    printk("Ok,we capture syscall successfull.\n");
    return 0;
}

void cleanup_module()
{
   __asm__ __volatile__("sidt%0":"=m"(idt48));
   struct descriptor_idt *pIdt80=(struct descriptor_idt*)(idt48.base+8*0x80);
    pIdt80->offset_low=(unsigned short )(old80_handle &0x0000ffff);
    pIdt80->offset_high=(unsigned short )(old80_handle>>16 );
    printk("ok,we leave capture.\n");
}
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表