diff options
Diffstat (limited to 'CamilStaps-s4498062-Assignment-2/ex2')
| -rw-r--r-- | CamilStaps-s4498062-Assignment-2/ex2/Makefile | 8 | ||||
| -rw-r--r-- | CamilStaps-s4498062-Assignment-2/ex2/ex2.txt | 20 | ||||
| -rw-r--r-- | CamilStaps-s4498062-Assignment-2/ex2/hello-cr4.c | 22 |
3 files changed, 50 insertions, 0 deletions
diff --git a/CamilStaps-s4498062-Assignment-2/ex2/Makefile b/CamilStaps-s4498062-Assignment-2/ex2/Makefile new file mode 100644 index 0000000..a87a542 --- /dev/null +++ b/CamilStaps-s4498062-Assignment-2/ex2/Makefile @@ -0,0 +1,8 @@ +obj-m += hello-cr4.o + +all: + make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules + +clean: + make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean + diff --git a/CamilStaps-s4498062-Assignment-2/ex2/ex2.txt b/CamilStaps-s4498062-Assignment-2/ex2/ex2.txt new file mode 100644 index 0000000..35afd58 --- /dev/null +++ b/CamilStaps-s4498062-Assignment-2/ex2/ex2.txt @@ -0,0 +1,20 @@ +a + According to https://en.wikipedia.org/wiki/Control_register#CR4, the SMAP and SMEP bits are used to protect ring 0. + If writing to CR4 would be allowed, we could disable this protection, and access kernel space data (e.g.) + +b + 0x40050e <main+8> mov %cr4,%rax + + This attempts to move the RAX register to the CR4 register, i.e. to write to CR4. + +c + Done. I suppose it isn't necessary to give you the code or results, as all was needed was copying from the given website. + +d + See hello-cr4.c and Makefile. + + # make + [..] + # insmod hello-cr4.ko + [15892.352286] Hello world! CR4 = 7f0 + diff --git a/CamilStaps-s4498062-Assignment-2/ex2/hello-cr4.c b/CamilStaps-s4498062-Assignment-2/ex2/hello-cr4.c new file mode 100644 index 0000000..9db671d --- /dev/null +++ b/CamilStaps-s4498062-Assignment-2/ex2/hello-cr4.c @@ -0,0 +1,22 @@ +#include <linux/module.h> +#include <linux/kernel.h> +#include <linux/init.h> + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Camil Staps"); +MODULE_DESCRIPTION("A Simple Hello World module"); + +static int __init hello_init(void) { + unsigned long long result; + __asm__("movq %%cr4, %%rax\n" : "=a"(result)); + printk(KERN_INFO "Hello world! CR4 = %11x\n", result); + return 0; +} + +static void __exit hello_cleanup(void) { + printk(KERN_INFO "Cleaning up module.\n"); +} + +module_init(hello_init); +module_exit(hello_cleanup); + |