Re: QUESTION: modifying kernel functions in a running kernel

Borislav Deianov (borislav@ensim.com)
Tue, 20 Jul 1999 13:13:14 -0700


Douglas Kilpatrick wrote:
> On Tue, 20 Jul 1999, noupe wrote:

>> Is it possible to change a function (not a syscall) which is public
>> (i.e shown in /proc/ksyms) from a module? Something like changing the
>> address to the function so my function will be called instead of the
>> public one?

> Depends on how much you like code that is too ugly to exist...

Yes.

> Basically it searches for an instruction that starts with 0xE8 (the call
> instruction), and then checks to see if the address pointed to is the
> function that we want to intercept. If so, it replaces the address with
> the calculated address of our function.

This requires that you find all references to the function you want to
patch. An alternative would be to overwrite the first few bytes of the
function with a jump instruction to your substitute. If you then need
to call the original function you'll need to "emulate" the first few
instructions and jump back a little bit later in the function. There
are many things that will prevent you from doing this in a generic
manner - relative jumps in the first few instructions, functions
shorter than a full jump instruction, jumps to a little bit after the
start of the function, etc, etc.

As with the other approach, this doesn't stack, is not 100% reliable
and is ugly as sin. It served me well, though, back in the DOS days...
I had an excuse then - I didn't have the source code :)

Regards,
Borislav

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
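Added example, not code from the thread or from either poster: a byte-level model of the two techniques discussed above, the scan-and-retarget of E8 call sites and the jmp-over-the-prologue with a trampoline. It works on constructed 32-bit x86 byte buffers and never executes them, so it runs anywhere; the load addresses, the sample caller and the sample target function are assumptions chosen for the demo. The prologue decoder is a deliberately tiny whitelist, which is exactly the point of the caveats in the message: anything outside it (a relative jump in the first bytes, a function shorter than the jmp) is refused rather than guessed at.

```c
/* Added example (not from the thread): byte-level model of both techniques.
 * Operates on constructed 32-bit x86 byte buffers, never executes them;
 * every address below is an assumption chosen for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CODE_BASE 0x00400000u /* assumed load address of the sample caller */
#define ORIG_FN   0x00401000u /* assumed address of the exported function to intercept */
#define OTHER_FN  0x00402000u /* assumed address of an unrelated function */
#define NEW_FN    0x00405000u /* assumed address of the replacement in our module */
#define TRAMP     0x00406000u /* assumed address of the trampoline buffer */
#define JMP_LEN   5           /* E8 call / E9 jmp with rel32 is five bytes */

static int32_t read_rel32(const uint8_t *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}
static void write_rel32(uint8_t *p, int32_t v) {
    uint32_t u = (uint32_t)v;
    p[0] = u & 0xff; p[1] = (u >> 8) & 0xff; p[2] = (u >> 16) & 0xff; p[3] = u >> 24;
}
/* Destination of the E8/E9 whose opcode byte is at p and lives at insn_addr. */
uint32_t branch_target(const uint8_t *p, uint32_t insn_addr) {
    return insn_addr + JMP_LEN + (uint32_t)read_rel32(p + 1);
}

/* Approach 1: retarget every E8 whose destination is target. Returns the
 * number of call sites patched. The scan cannot tell code from data: an 0xE8
 * inside an immediate is tested too and is left alone only because its bogus
 * rel32 happens not to resolve to target. */
size_t patch_calls(uint8_t *code, size_t len, uint32_t base,
                   uint32_t target, uint32_t replacement) {
    size_t patched = 0;
    for (size_t i = 0; i + JMP_LEN <= len; i++) {
        uint32_t insn = base + (uint32_t)i;
        if (code[i] != 0xE8 || branch_target(code + i, insn) != target)
            continue;
        write_rel32(code + i + 1, (int32_t)(replacement - (insn + JMP_LEN)));
        patched++;
        i += JMP_LEN - 1;  /* skip the operand bytes just written */
    }
    return patched;
}

/* Approach 2, step 1: the instruction boundary at or past JMP_LEN bytes, i.e.
 * how much prologue the jmp displaces. Only a small whitelist of
 * position-independent instructions is decoded; a relative branch, ret or
 * unknown opcode yields 0 (cannot hook generically), which also covers a
 * function shorter than the jmp. */
size_t prologue_length(const uint8_t *code, size_t len) {
    size_t off = 0;
    while (off < JMP_LEN) {
        if (off >= len) return 0;
        uint8_t op = code[off], ilen;
        int reg_form = off + 1 < len && (code[off + 1] >> 6) == 3; /* ModRM mod=11 */
        if ((op >= 0x50 && op <= 0x5F) || op == 0x90) ilen = 1;           /* push/pop r32, nop */
        else if ((op == 0x89 || op == 0x8B || op == 0x31) && reg_form) ilen = 2; /* mov/xor r,r */
        else if (op == 0x83 && reg_form) ilen = 3;                        /* add/sub r,imm8 */
        else if (op == 0x81 && reg_form) ilen = 6;                        /* add/sub r,imm32 */
        else return 0;
        if (off + ilen > len) return 0;
        off += ilen;
    }
    return off;
}

/* Step 2: the five-byte jmp written over the prologue. */
void build_jmp_patch(uint8_t out[JMP_LEN], uint32_t from, uint32_t to) {
    out[0] = 0xE9;
    write_rel32(out + 1, (int32_t)(to - (from + JMP_LEN)));
}

/* Step 3: trampoline = copied prologue bytes + jmp back to orig+plen; the
 * replacement calls this to reach the original. Returns its length, 0 if
 * plen is unusable. */
size_t build_trampoline(uint8_t *tramp, uint32_t tramp_addr,
                        const uint8_t *orig, uint32_t orig_addr, size_t plen) {
    if (plen < JMP_LEN) return 0;
    memcpy(tramp, orig, plen);
    build_jmp_patch(tramp + plen, tramp_addr + (uint32_t)plen, orig_addr + (uint32_t)plen);
    return plen + JMP_LEN;
}

/* Constructed caller: two calls to ORIG_FN, one to OTHER_FN, and a mov whose
 * immediate contains 0xE8 (the false-positive case for approach 1). */
static void emit_call(uint8_t *buf, size_t *n, uint32_t target) {
    buf[*n] = 0xE8;
    write_rel32(buf + *n + 1, (int32_t)(target - (CODE_BASE + (uint32_t)*n + JMP_LEN)));
    *n += JMP_LEN;
}
size_t make_sample_caller(uint8_t *buf) {
    size_t n = 0;
    buf[n++] = 0x55; buf[n++] = 0x89; buf[n++] = 0xE5;   /* push ebp; mov ebp,esp */
    emit_call(buf, &n, ORIG_FN);                          /* offset 3 */
    buf[n++] = 0xB8; buf[n++] = 0xE8; buf[n++] = 0xFF;
    buf[n++] = 0xFF; buf[n++] = 0xFF;                     /* mov eax,0xffffffe8 */
    emit_call(buf, &n, OTHER_FN);                         /* offset 13 */
    emit_call(buf, &n, ORIG_FN);                          /* offset 18 */
    buf[n++] = 0x5D; buf[n++] = 0xC3;                     /* pop ebp; ret */
    return n;
}
/* Constructed target: push ebp; mov ebp,esp; sub esp,0x10; xor eax,eax; leave; ret */
static const uint8_t sample_orig[] = {0x55,0x89,0xE5,0x83,0xEC,0x10,0x31,0xC0,0xC9,0xC3};

int main(void) {
    uint8_t buf[64], tramp[16];
    size_t n = make_sample_caller(buf);
    printf("approach 1: patched %zu call sites\n", patch_calls(buf, n, CODE_BASE, ORIG_FN, NEW_FN));
    size_t plen = prologue_length(sample_orig, sizeof sample_orig);
    printf("approach 2: displacing %zu prologue bytes, trampoline %zu bytes\n",
           plen, build_trampoline(tramp, TRAMP, sample_orig, ORIG_FN, plen));
    return 0;
}
```

On a real kernel the same arithmetic applies, but the buffers are live text pages: approach 1 has to cover every caller (including ones in modules loaded later, which is why it does not stack), and approach 2 has to write the jmp atomically with respect to other CPUs that may be executing the prologue, a problem this byte-buffer model deliberately leaves out.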