代码拉取完成,页面将自动刷新
同步操作将从 异想天开/openwrt_mt7688_ctest 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
/*
* Linux kernel module fucker
*
* by wzt <wzt.wzt@gmail.com>
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <elf.h>
#include <sys/stat.h>
#include <sys/mman.h>
#define MODULE_NAME_LEN (64 - sizeof(unsigned long))
struct modversion_info
{
unsigned long crc;
char name[MODULE_NAME_LEN];
};
Elf32_Ehdr *ehdr = NULL;
Elf32_Phdr *phdr = NULL;
Elf32_Shdr *shdr = NULL;
Elf32_Shdr *shstrtab = NULL;
Elf32_Sym *dynsym_ptr = NULL;
Elf32_Sym *symtab_ptr = NULL;
Elf32_Sym *dynstr_ptr = NULL;
char *Real_strtab = NULL;
char *dynstr = NULL;
char *strtab_ptr = NULL;
char dynstr_buffer[2048];
char strtab_buffer[4096];
char *real_strtab = NULL;
unsigned int shstrtab_off, shstrtab_len, shstrtab_num;
unsigned int strtab_off, strtab_size;
int elf_fd;
struct stat f_stat;
void usage(char *pro)
{
fprintf(stderr, "usage: %s <options> <module>\n\n", pro);
fprintf(stderr, "-w -v\tCheck vermgaic in module.\n");
fprintf(stderr, "-w -c\tCheck crc value in module.\n");
fprintf(stderr, "-s -v <new_vermagic>\tSet vermagic in module.\n");
fprintf(stderr, "-s -c\tSet crc value in module.\n");
exit(0);
}
int init_load_elf(char *elf_file)
{
char buff[1024];
elf_fd = open(elf_file, O_RDWR);
if (elf_fd == -1) {
perror("open");
return 0;
}
fprintf(stderr, "[+] Open %s ok.\n", elf_file);
if (fstat(elf_fd, &f_stat) == -1) {
perror("fstat");
return 0;
}
ehdr = (Elf32_Ehdr *)mmap(NULL, f_stat.st_size, PROT_WRITE|PROT_READ, MAP_SHARED, elf_fd, 0);
if(ehdr == MAP_FAILED) {
perror("mmap");
return 0;
}
phdr = (Elf32_Phdr *)((unsigned long)ehdr + ehdr->e_phoff);
shdr = (Elf32_Shdr *)((unsigned long)ehdr + ehdr->e_shoff);
shstrtab = &shdr[ehdr->e_shstrndx];
shstrtab_off = (unsigned int)shstrtab->sh_offset;
shstrtab_len = shstrtab->sh_size;
real_strtab = (char *)( (unsigned long)ehdr + shstrtab_off );
printf("[+] .Shstrtab Size :0x%x,%d\n", shstrtab->sh_size, shstrtab->sh_name);
printf("[+] .Shstrtab Off: 0x%x\n", shstrtab_off);
return 1;
}
int display_module_crc_info(void)
{
struct modversion_info *versions;
char *buff = NULL;
unsigned int version_off, version_size, num_versions;
int i, j;
buff = (char *)malloc(shstrtab_len + 2);
if (!buff) {
fprintf(stderr, "[-] Malloc failed.\n");
return 0;
}
memcpy(buff, real_strtab, shstrtab_len + 1);
for (i = 0 ; i < (int)ehdr->e_shnum ; i++){
if (!strcmp(buff + shdr[i].sh_name,"__versions")){
printf("[+] found section %s.\n", buff + shdr[i].sh_name);
version_off = (unsigned int)shdr[i].sh_offset;
version_size = (unsigned int)shdr[i].sh_size;
printf("[+] version off: 0x%x\n", version_off);
printf("[+] version size: 0x%x\n", version_size);
break;
}
}
printf("[+] %x,%x\n", (unsigned long)ehdr + version_off, shdr[i].sh_addr);
versions = (void *)((unsigned long)ehdr + version_off);
num_versions = version_size / sizeof(struct modversion_info);
printf("[+] num_versions: %d\n", num_versions);
for (j = 0; j < num_versions; j++) {
printf("[+] %s:0x%08x.\n", versions[j].name, versions[j].crc);
}
free(buff);
return 1;
}
int set_module_crc_info(void)
{
struct modversion_info *versions;
char *buff = NULL;
unsigned int version_off, version_size, num_versions;
int i, j;
buff = (char *)malloc(shstrtab_len + 2);
if (!buff) {
fprintf(stderr, "[-] Malloc failed.\n");
return 0;
}
memcpy(buff, real_strtab, shstrtab_len + 1);
for (i = 0 ; i < (int)ehdr->e_shnum ; i++){
if (!strcmp(buff + shdr[i].sh_name,"__versions")){
printf("[+] found section %s.\n", buff + shdr[i].sh_name);
version_off = (unsigned int)shdr[i].sh_offset;
version_size = (unsigned int)shdr[i].sh_size;
printf("[+] version off: 0x%x\n", version_off);
printf("[+] version size: 0x%x\n", version_size);
break;
}
}
printf("[+] %x,%x\n", (unsigned long)ehdr + version_off, shdr[i].sh_addr);
versions = (void *)((unsigned long)ehdr + version_off);
num_versions = version_size / sizeof(struct modversion_info);
printf("[+] num_versions: %d\n", num_versions);
for (j = 0; j < num_versions; j++) {
printf("[+] %s:0x%08x.\n", versions[j].name, versions[j].crc);
if (!strcmp(versions[j].name, "struct_module")) {
fprintf(stderr, "[+] Found symbol struct_module.\n");
versions[j].name[0] = 'T';
break;
}
}
for (j = 0; j < num_versions; j++) {
printf("[+] %s:0x%08x.\n", versions[j].name, versions[j].crc);
}
free(buff);
return 1;
}
static char *next_string(char *string, unsigned long *secsize)
{
/* Skip non-zero chars */
while (string[0]) {
string++;
if ((*secsize)-- <= 1)
return NULL;
}
/* Skip any zero padding. */
while (!string[0]) {
string++;
if ((*secsize)-- <= 1)
return NULL;
}
return string;
}
static char *get_modinfo(Elf32_Shdr *sechdrs, unsigned int info, const char *tag)
{
char *p;
unsigned int taglen = strlen(tag);
unsigned long size = sechdrs[info].sh_size;
for (p = (char *)(ehdr +sechdrs[info].sh_offset); p; p = next_string(p, &size)) {
if (strncmp(p, tag, taglen) == 0 && p[taglen] == '=')
return p + taglen + 1;
}
return NULL;
}
int display_module_vermagic_info(void)
{
char *buff, *p;
char *ver = "vermagic";
unsigned int taglen = strlen(ver);
int size, i;
buff = (char *)malloc(shstrtab_len + 2);
if (!buff) {
fprintf(stderr, "[-] Malloc failed.\n");
return 0;
}
memcpy(buff, real_strtab, shstrtab_len + 1);
for (i = 0 ; i < (int)ehdr->e_shnum ; i++){
if (!strcmp(buff + shdr[i].sh_name,".modinfo")){
printf("[+] found section %s.\n", buff + shdr[i].sh_name);
break;
}
}
size = shdr[i].sh_size;
printf("[+] size: 0x%x.\n", size);
p = (char *)((unsigned long)ehdr + shdr[i].sh_offset);
printf("[+] 0x%08x\n", p);
for (; p; p = next_string(p, &size)) {
printf("[+] %s\n", p);
if (strncmp(p, "vermagic", taglen) == 0 && p[taglen] == '=') {
printf("[+] %s\n", p + taglen + 1);
//memset(p + taglen + 1, 'A', 30);
}
}
return 1;
}
int set_module_vermagic_info(char *new_vermagic)
{
char *buff, *p;
char *ver = "vermagic";
unsigned int taglen = strlen(ver);
int size, i;
buff = (char *)malloc(shstrtab_len + 2);
if (!buff) {
fprintf(stderr, "[-] Malloc failed.\n");
return 0;
}
memcpy(buff, real_strtab, shstrtab_len + 1);
for (i = 0 ; i < (int)ehdr->e_shnum ; i++){
if (!strcmp(buff + shdr[i].sh_name,".modinfo")){
printf("[+] found section %s.\n", buff + shdr[i].sh_name);
break;
}
}
size = shdr[i].sh_size;
printf("[+] size: 0x%x.\n", size);
p = (char *)((unsigned long)ehdr + shdr[i].sh_offset);
printf("[+] 0x%08x\n", p);
for (; p; p = next_string(p, &size)) {
printf("[+] %s\n", p);
if (strncmp(p, "vermagic", taglen) == 0 && p[taglen] == '=') {
printf("[+] %s\n", p + taglen + 1);
if (strlen(p + taglen + 1) < strlen(new_vermagic)) {
printf("[-] New vermagic len must < current magic len.\n");
return 0;
}
memset(p + taglen + 1, '\0', strlen(new_vermagic));
memcpy(p + taglen + 1, new_vermagic, strlen(new_vermagic));
}
}
return 1;
}
int exit_elf_load(void)
{
close(elf_fd);
if (munmap(ehdr, f_stat.st_size) == -1) {
return 0;
}
return 1;
}
int main(int argc, char **argv)
{
if (argc == 1) {
usage(argv[0]);
}
if (!strcmp(argv[1], "-w") && !strcmp(argv[2], "-c")) {
fprintf(stderr, "[+] Display %s module crc value.\n", argv[3]);
if (!init_load_elf(argv[3])) {
fprintf(stderr, "[-] Init elf load failed.\n");
return 0;
}
display_module_crc_info();
exit_elf_load();
}
else if (!strcmp(argv[1], "-s") && !strcmp(argv[2], "-c")) {
fprintf(stderr, "[+] Set %s module crc value.\n", argv[3]);
if (!init_load_elf(argv[3])) {
fprintf(stderr, "[-] Init elf load failed.\n");
return 0;
}
set_module_crc_info();
exit_elf_load();
}
if (!strcmp(argv[1], "-w") && !strcmp(argv[2], "-v")) {
fprintf(stderr, "[+] Display %s module crc value.\n", argv[3]);
if (!init_load_elf(argv[3])) {
fprintf(stderr, "[-] Init elf load failed.\n");
return 0;
}
display_module_vermagic_info();
exit_elf_load();
}
if (!strcmp(argv[1], "-s") && !strcmp(argv[2], "-v")) {
fprintf(stderr, "[+] Display %s module crc value.\n", argv[4]);
if (!init_load_elf(argv[4])) {
fprintf(stderr, "[-] Init elf load failed.\n");
return 0;
}
set_module_vermagic_info(argv[3]);
exit_elf_load();
}
else {
return 0;
}
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
