Sunday, August 15, 2021

dumper of linux kernel notification chains

There seems to be one little-known thing in the Linux kernel: notification chains. They have a literal analogue of PsSetLoadImageNotifyRoutine, the function register_module_notifier. And similarly they don't have a function to enumerate registered notifications - I don't know why. Maybe they were bitten by Microsoft. Or maybe I want too much from people whose "The Linux Kernel Module Programming Guide" even contains an error in the code example. Anyway, I decided to write my own (btw, the last time I wrote drivers for Linux was something around 20 years ago).

How to run

git clone https://github.com/redplait/lkcd.git
cd lkcd
make
sudo insmod ./lkcd.ko
cd test
make
sudo ./dtest

Sample of output (from fresh Ubuntu):
backlight_notifier: 0xffffffff8bd86ba0
backlight_notifier cnt: 1
 0xffffffffc00c8260 - video
reboot_notifier_list: 0xffffffff8b663140
reboot_notifier_list cnt: 6
 0xffffffff8a8e0860 - kernel
 0xffffffff8a074f80 - kernel
 0xffffffff8a929ea0 - kernel
 0xffffffff8a633410 - kernel
 0xffffffff8a76e1e0 - kernel
 0xffffffff8a213350 - kernel
module_notify_list: 0xffffffff8b6c3420
module_notify_list cnt: 10
 0xffffffff8a22b4b0 - kernel
 0xffffffff8a1cec70 - kernel
 0xffffffff8a1b9860 - kernel
 0xffffffff8a1acda0 - kernel
 0xffffffff8a17f830 - kernel
 0xffffffff8a1a11c0 - kernel
 0xffffffff8a1cc280 - kernel
 0xffffffff8a191ad0 - kernel
 0xffffffff8a11e500 - kernel
 0xffffffff8a5a0d60 - kernel
pm_chain_head: 0xffffffff8b66a2a0
pm_chain_head cnt: 9
 0xffffffff8a11fd30 - kernel
 0xffffffff8a09b490 - kernel
 0xffffffff8a769a80 - kernel
 0xffffffff8a8cb230 - kernel
 0xffffffff8a18ae70 - kernel
 0xffffffff8a76e650 - kernel
 0xffffffffc030cfb0 - vmwgfx
 0xffffffffc05286b0 - intel_rapl_common
 0xffffffff8ab13bd0 - kernel
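
As an added example (not part of lkcd or of the original post), the Python below parses output in the format shown above and reports callbacks whose owning module is outside a per-chain baseline, plus chains whose listed entries disagree with the `cnt` line. The sample text, the `examplemod` name and address, and the baseline sets are constructed for illustration.

```python
import re

HEAD = re.compile(r"^(\w+): (0x[0-9a-fA-F]+)$")        # "<chain>: <head address>"
CNT = re.compile(r"^(\w+) cnt: (\d+)$")                 # "<chain> cnt: <n>"
ENTRY = re.compile(r"^\s*(0x[0-9a-fA-F]+) - (\S+)$")    # " <callback> - <owner>"
# Constructed sample in the dumper's output format; "examplemod" and its
# address are made up, and the second chain is deliberately one entry short.
SAMPLE = """\
backlight_notifier: 0xffffffff8bd86ba0
backlight_notifier cnt: 1
 0xffffffffc00c8260 - video
module_notify_list: 0xffffffff8b6c3420
module_notify_list cnt: 3
 0xffffffff8a22b4b0 - kernel
 0xffffffffc0a11000 - examplemod
"""

# Assumed per-chain baseline of owners recorded on a known-good host.
BASELINE = {"backlight_notifier": {"video"}, "module_notify_list": {"kernel"}}

def parse_dump(text):
    """Return {chain: {"head": int, "declared": int, "entries": [(addr, owner)]}}."""
    chains, cur = {}, None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = chains.setdefault(m[1], {"head": None, "declared": None, "entries": []})
            cur["head"] = int(m[2], 16)
        elif m := CNT.match(line):
            cur = chains.setdefault(m[1], {"head": None, "declared": None, "entries": []})
            cur["declared"] = int(m[2])
        elif (m := ENTRY.match(line)) and cur is not None:
            cur["entries"].append((int(m[1], 16), m[2]))
    return chains

def review(chains, baseline):
    """List count mismatches and callbacks owned by modules outside the baseline."""
    findings = []
    for name, c in chains.items():
        if c["declared"] is not None and c["declared"] != len(c["entries"]):
            findings.append((name, "count-mismatch", c["declared"], len(c["entries"])))
        allowed = baseline.get(name, {"kernel"})  # chains without a baseline: kernel only
        for addr, owner in c["entries"]:
            if owner not in allowed:
                findings.append((name, "unexpected-owner", hex(addr), owner))
    return findings

if __name__ == "__main__":
    for finding in review(parse_dump(SAMPLE), BASELINE):
        print(finding)
```

Saving the dumper's output from a freshly installed host as the baseline and re-running the comparison later turns the listing into a simple check for newly registered callbacks.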

PS: if you know a more canonical way to find the range of addresses for the kernel - drop me a comment
