ftrace-hook Linux kernel module demonstrating usage of ftrace framework for function hooking: as in executing arbitrary code around the hooked function. The code is licensed under GPLv2. How to build Please consider using a virtual machine (VirtulBox, VMWare, QEMU, etc.) for experiments. The (...
It was heavily inspired by the ftrace framework of the Linux kernel and the name uftrace stems from the combination of user and ftrace. It can record data from: User space C/C++/Rust functions, by either dynamically patching functions using -P., or else selective NOP patching using code com...
# # Automatically generated file; DO NOT EDIT. # Linux/x86 6.1.21.21 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Ubuntu 11.1.0-1ubuntu1~20.04) 11.1.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=110100 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y CONFIG_AS_VERSION=23400 CONFIG_...
$ cd ftrace-hook $ make make -C /lib/modules/4.9.0-5-amd64/build M=/home/ilammy/dev/ftrace-hook modules make[1]: Entering directory '/usr/src/linux-headers-4.9.0-5-amd64' CC [M] /home/ilammy/dev/ftrace-hook/ftrace_hook.o Building modules, stage 2. MODPOST 1 modules CC /hom...
【linux内核调试】使用Ftrace来Hook linux内核函数 【linux内核调试】ftrace/kprobes/SystemTap内核调试方法对比 【KVM】KVM学习—实现自己的内核 Reference: linux-security-papers linux-kernel-exploitation GoSSIP_Software Security Group 为什么是最好的 GitHub 项目? 技术的发展速度比以往任何时候都快,技术正在...
You can do this to search for PIDs, hidden directories for example. By disabling ftrace you basically make any ftrace hook useless, but if you enable it again, the hooks will work again. (remembering that there are ways to protect your rootkit that uses ftrace from being bypassed in this ...
hook <Function> (Linux) kill/tkill <Signal> (Linux/MacOS) limitcpu <CPU> (Linux) limitcpuset <CPU> (Linux) limitmem <Memory> (Linux) limitpid <Task> (Linux) limitread <I/O> (Linux) limitwrite <I/O> (Linux) pause <Thread> (Linux) remote <Command> (Linux) rlimit <Resource> (...
This functionality is currently utilized by BPF trampolines to hook into kernel function entries. Since we have limited relative branch range, we support ftrace direct calls through support for DYNAMIC_FTRACE_WITH_CALL_OPS. In this approach, ftrace trampoline is not entirely bypassed. Rather, it ...
b) Turning on some Ftrace tracers (or plugins), such as CONFIG_IRQSOFF_TRACER, would be useful as we actually make use of it in our Linux Kernel Programming (Part 2) book in the Handling Hardware Interrupts chapter; (note that though Ftrace itself may be enabled by default, all its ...
It was heavily inspired by the ftrace framework of the Linux kernel and the name uftrace stems from the combination of user and ftrace. It can record data from: User space C/C++/Rust functions, by either dynamically patching functions using -P., or else selective NOP patching using code com...