Execute code in kernel mode.
# 1  
Old 03-14-2011

Hi everyone. I would like to hook a system function (gettimeofday) to modify it. I guess I'll need kernel mode to do that. By the way, how could I do it (c++ or c)?

I want to modify that function for one process which I know the PID. So I need to return my own value for that PID and real value for any other PID.

Thank you for reading.
# 2  
Old 03-14-2011
You may be able to do this without resorting to hacking and recompiling your kernel, but it depends on your system, what is it?

libkeepalive for instance overloads the socket() call without modifying the kernel, by intercepting function calls in libc. It needs the LD_PRELOAD option though, which AFAIK is linux-specific.
This User Gave Thanks to Corona688 For This Post:
# 3  
Old 03-14-2011
I'm using ubuntu:

Code:
$ uname -a
Linux ********* 2.6.35-27-generic #48-Ubuntu SMP Tue Feb 22 20:25:46 UTC 2011 x86_64 GNU/Linux

I would like to do a kind of "speed hack" like Cheat Engine does for Windows. So I need to modify that function to return fake values, so apps think the time between tick and tick was twice or thrice the real one.

I don't care about the method if it can be applied to any application, and it doesn't cause any kind of lag because of the code. So anything you give me will be accepted.
# 4  
Old 03-14-2011
LD_PRELOAD will work for you then. Take a look at the code used in libkeepalive, it overrides socket(), you should be able to override gettimeofday() the same way. Force your fake library to be overloaded first with LD_PRELOAD="/path/to/my/fake/library.so" and it will call timeofday from it instead if it finds it there.

Do not export LD_PRELOAD="..." for the whole system, just when running that application. You could mess up your system pretty severely if it got preloaded in places you didn't intend.
This User Gave Thanks to Corona688 For This Post:
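A defender-side check for the mechanism Corona688 describes, added here as an example that is not part of the thread: a preloaded library can only replace the libc wrapper (and glibc's vDSO fast path), not the kernel's own syscall entry, so a process that cares about its clock can cross-check what gettimeofday() returns against a raw clock_gettime system call, which an LD_PRELOAD shim cannot intercept. The function names and the tolerance are my own choices.

```c
#define _GNU_SOURCE            /* for syscall() in <unistd.h> */
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/time.h>
#ifndef __USE_MISC
long syscall(long number, ...); /* fallback prototype under strict ISO modes */
#endif

/* b - a in microseconds, computed in 64 bits to avoid overflow. */
long long tv_delta_us(struct timeval a, struct timeval b)
{
    return (long long)(b.tv_sec - a.tv_sec) * 1000000LL
         + (long long)(b.tv_usec - a.tv_usec);
}

/* Pure comparison rule, kept separate so it can be tested with constructed values. */
int clocks_disagree(struct timeval lib, struct timeval raw, long long tolerance_us)
{
    long long d = tv_delta_us(lib, raw);
    if (d < 0) d = -d;
    return d > tolerance_us;
}

/* Wall clock straight from the kernel. An LD_PRELOAD shim replaces the libc
 * wrapper, not the syscall entry, so this is the value it cannot touch. */
int raw_kernel_time(struct timeval *out)
{
    struct timespec ts;
    if (syscall(SYS_clock_gettime, CLOCK_REALTIME, &ts) != 0)
        return -1;
    out->tv_sec = ts.tv_sec;
    out->tv_usec = ts.tv_nsec / 1000;
    return 0;
}

/* 1 if the library clock has drifted from the kernel clock by more than
 * tolerance_us (a doubled clock drifts further on every call), 0 if they agree, -1 on error. */
int gettimeofday_is_tampered(long long tolerance_us)
{
    struct timeval lib, raw;
    if (gettimeofday(&lib, NULL) != 0 || raw_kernel_time(&raw) != 0)
        return -1;
    return clocks_disagree(lib, raw, tolerance_us);
}
```

Calling gettimeofday_is_tampered(50000) periodically flags the hooked clock as soon as it is more than 50 ms away from the kernel's; right after the first hooked call the two still agree, so the drift has to accumulate first. Checking getenv("LD_PRELOAD") is a cheap extra signal but is trivially unset by the caller, so the syscall cross-check is the one to rely on.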
# 5  
Old 03-14-2011
I'm forcing that function to return twice the time that has elapsed, but nothing happens. To test, I added print("LOOOLAZO") but it doesn't print. Here is the code I'm using:

speed hack library:
Code:
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   // RTLD_NEXT is a GNU extension
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <dlfcn.h>
#include <stdio.h>

static struct timeval * timezero = 0;

typedef int (*go)(struct timeval *tv, struct timezone *tz);

int gettimeofday(struct timeval *tv, struct timezone *tz)
{
    // Testing purposes:
    printf("LOOOLAZO");
    go gettimeofday_orig;
    int val;
    gettimeofday_orig=(go)dlsym(RTLD_NEXT,"gettimeofday");
    if (!timezero)
    {
        // First call: remember the real start time and pass it through unchanged.
        timezero = new struct timeval;
        struct timezone tmp;
        val = gettimeofday_orig(timezero,&tmp);
        (*tv) = (*timezero);
        if (tz) (*tz) = tmp;   // tz may legally be NULL
        return val;
    }
    // Double speed: report timezero + 2*(now - timezero)
    struct timezone tmpz;
    struct timeval tmpv;
    val = gettimeofday_orig(&tmpv,&tmpz);
    tmpv.tv_sec = 2*tmpv.tv_sec - timezero->tv_sec;
    tmpv.tv_usec = 2*tmpv.tv_usec - timezero->tv_usec;
    // Normalise tv_usec into [0, 1000000); the subtraction can also go negative.
    while(tmpv.tv_usec >= 1000000)
    {
        tmpv.tv_usec -= 1000000;
        tmpv.tv_sec += 1;
    }
    while(tmpv.tv_usec < 0)
    {
        tmpv.tv_usec += 1000000;
        tmpv.tv_sec -= 1;
    }
    // Copy the scaled time back to the caller (the original computed it but never stored it).
    (*tv) = tmpv;
    if (tz) (*tz) = tmpz;
    return val;
}

executable main.cpp:
Code:
#include <stdio.h>
#include <sys/time.h>

using namespace std;

int main(int argc, char ** argv)
{
    struct timezone tmpz;
    struct timeval tmpv;
    while (true)
    {
        gettimeofday(&tmpv,&tmpz);
        // tv_sec and tv_usec are long on x86_64, so %i is the wrong conversion; cast and use %ld
        printf("S: %ld MS: %ld\n",(long)tmpv.tv_sec, (long)tmpv.tv_usec);
    }

    return 0;
}

Line export:

Code:
export LD_PRELOAD="/home/******/proyectos/cheat engine/bin/speedhacklib/speedhack.so"

Output:
Code:
S: 1300139092 MS: 722327
S: 1300139092 MS: 722330
S: 1300139092 MS: 722333
S: 1300139092 MS: 722336
S: 1300139092 MS: 722340
S: 1300139092 MS: 722343
S: 1300139092 MS: 722346
S: 1300139092 MS: 722349
S: 1300139092 MS: 722352
S: 1300139092 MS: 722355
S: 1300139092 MS: 722358
S: 1300139092 MS: 722361
S: 1300139092 MS: 722365

No LOOOLAZO anywhere. Any idea?

Thank you for reading.
# 6  
Old 03-14-2011
Quote:
Originally Posted by lilezek
No LOOOOOL anywhere. Any idea?
I don't see any LOOOOOL in your speedhack code, either.

Be sure to use write(), not a stdio function like printf(). Also be sure to write to stderr (FD 2), not stdout, since that might buffer.

Code:
write(2, "LOOOL", 5);

# 7  
Old 03-14-2011
Sorry, it is not LOOOOOL, it is LOOOLAZO at the start of the gettimeofday from the speed hack. A nonsensical mistake, sorry.

---------- Post updated at 04:55 PM ---------- Previous update was at 04:49 PM ----------

New code:

Code:
#include <iostream>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <dlfcn.h>
#include <unistd.h>   // write()

static struct timeval * timezero = 0;

typedef int (*go)(struct timeval *tv,struct timezone *tz);

int gettimeofday(struct timeval *tv, struct timezone *tz)
{
    write(2, "LOOOL", 5);
    go gettimeofday_orig;
    int val;
    gettimeofday_orig=(go)dlsym(RTLD_NEXT,"gettimeofday");
    if (!timezero)
    {
        // First call: remember the real start time and pass it through unchanged.
        timezero = new struct timeval;
        struct timezone tmp;
        val = gettimeofday_orig(timezero,&tmp);
        (*tv) = (*timezero);
        if (tz) (*tz) = tmp;   // tz may legally be NULL
        return val;
    }
    // Double the speed: report timezero + 2*(now - timezero)
    struct timezone tmpz;
    struct timeval tmpv;
    val = gettimeofday_orig(&tmpv,&tmpz);
    tmpv.tv_sec = 2*tmpv.tv_sec - timezero->tv_sec;
    tmpv.tv_usec = 2*tmpv.tv_usec - timezero->tv_usec;
    // Normalise tv_usec into [0, 1000000); the subtraction can also go negative.
    while(tmpv.tv_usec >= 1000000)
    {
        tmpv.tv_usec -= 1000000;
        tmpv.tv_sec += 1;
    }
    while(tmpv.tv_usec < 0)
    {
        tmpv.tv_usec += 1000000;
        tmpv.tv_sec -= 1;
    }
    // Copy the scaled time back to the caller (the original computed it but never stored it).
    (*tv) = tmpv;
    if (tz) (*tz) = tmpz;
    return val;
}

I don't know why, when I add <iostream>, I'm forced to write C code instead of C++. I needed to write struct at each declaration of a structure... Any idea?

PS: It seems not to get executed. Just that.

Last edited by pludi; 03-14-2011 at 08:10 PM.. Reason: Language