blob: 35afd58fcfe6769fbc8cc654eeaac736a1cb6c6d (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
a
According to https://en.wikipedia.org/wiki/Control_register#CR4, the SMAP and SMEP bits are used to protect ring 0.
If writing to CR4 would be allowed, we could disable this protection, and access kernel space data (e.g.)
b
0x40050e <main+8> mov %cr4,%rax
This attempts to move the RAX register to the CR4 register, i.e. to write to CR4.
c
Done. I suppose it isn't necessary to give you the code or results, as all was needed was copying from the given website.
d
See hello-cr4.c and Makefile.
# make
[..]
# insmod hello-cr4.ko
[15892.352286] Hello world! CR4 = 7f0
|
