Locating the keyboard buffer in memory


I am trying to create a kernel module that locates the keyboard buffer by following pointers in URB structures. This is for academic research, based on a proof of concept created at Columbia University.

http://www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf

*Copy/paste into your browser: the link does not work if you click on it.

OS version: Ubuntu 20.04.2 LTS

Kernel version: 5.8.0-43-generic

Architecture: x86_64

Here is my module.c. If successful, it locates the keyboard buffer and simply prints a message to the kernel log. However, the kernel kills the module.


#include <linux/usb.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>

/* Scan the first 16 MiB of physical memory in 16-byte steps. */
#define MAX 0xFFFFFF

/* Treat the loop counter as a physical offset and turn it into a kernel
 * virtual address through the direct map (PAGE_OFFSET). */
#define x(y) ((void *)((uint64_t)(y)+PAGE_OFFSET))

static int __init scan_start(void){

        unsigned long long i;

        for(i = 0; i < MAX; i += 0x10){
                struct urb *urbp = (struct urb *)x(i);
                /* Heuristic match on the fields of a keyboard interrupt URB:
                 * 32-byte aligned DMA address, an 8-byte report buffer, and
                 * the device's product string. urbp->dev is followed here
                 * without first checking that it is non-NULL. */
                if(((urbp->transfer_dma % 0x20) == 0) &&
                   (urbp->transfer_buffer_length == 8) &&
                   (urbp->transfer_buffer != NULL) &&
                   strncmp(urbp->dev->product,"usb",32) &&
                   strncmp(urbp->dev->product,"keyboard",32)){
                        // found possible keyboard buffer
                        printk(KERN_INFO "possible buffer\n");
                        return 0;
                }
        }

        return 0;
}

static void __exit scan_end(void){
        printk(KERN_INFO "End scan\n");
}

module_init(scan_start);
module_exit(scan_end);

Here is my Makefile:

obj-m = module.o
all:
	make -C /lib/modules/$(shell uname -r)/build/ M=$(PWD) modules
clean:
	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean

Here is a copy of the kernel log for the process:

Feb 26 08:55:28 blackleopard kernel: [  852.823948] ********This marks the log of the failed module********
Feb 26 08:55:55 blackleopard kernel: [  879.653640] module: module license 'unspecified' taints kernel.
Feb 26 08:55:55 blackleopard kernel: [  879.653642] Disabling lock debugging due to kernel taint
Feb 26 08:55:55 blackleopard kernel: [  879.653911] module: module is already loaded
Feb 26 08:57:40 blackleopard kernel: [  984.501842] Loading seperate module to mark start of kernel log...
Feb 26 08:57:49 blackleopard kernel: [  993.703292] BUG: kernel NULL pointer dereference, address: 00000000000004d0
Feb 26 08:57:49 blackleopard kernel: [  993.703297] #PF: supervisor read access in kernel mode
Feb 26 08:57:49 blackleopard kernel: [  993.703300] #PF: error_code(0x0000) - not-present page
Feb 26 08:57:49 blackleopard kernel: [  993.703302] PGD 0 P4D 0
Feb 26 08:57:49 blackleopard kernel: [  993.703307] Oops: 0000 [#1] SMP PTI
Feb 26 08:57:49 blackleopard kernel: [  993.703312] CPU: 3 PID: 16488 Comm: insmod Tainted: P           OE     5.8.0-43-generic #49~20.04.1-Ubuntu
Feb 26 08:57:49 blackleopard kernel: [  993.703315] Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z87 Extreme3, BIOS P2.40 01/21/2014
Feb 26 08:57:49 blackleopard kernel: [  993.703321] RIP: 0010:scan_start+0x3d/0x1000 [module2]
Feb 26 08:57:49 blackleopard kernel: [  993.703325] Code: 54 53 31 db 49 8d 44 1d 00 f6 40 68 1f 75 4f 83 b8 80 00 00 00 08 75 46 48 83 78 60 00 74 3f 48 8b 40 40 48 c7 c6 3c 20 11 c1 <4c> 8b a0 d0 04 00 00 4c 89 e7 e8 d4 85 da c9 85 c0 74 21 48 c7 c6
Feb 26 08:57:49 blackleopard kernel: [  993.703328] RSP: 0018:ffffa6758818fc38 EFLAGS: 00010206
Feb 26 08:57:49 blackleopard kernel: [  993.703331] RAX: 0000000000000000 RBX: 0000000000096fa0 RCX: 0000000000000000
Feb 26 08:57:49 blackleopard kernel: [  993.703334] RDX: 0000000000000010 RSI: ffffffffc111203c RDI: ffffffffc0e29000
Feb 26 08:57:49 blackleopard kernel: [  993.703336] RBP: ffffa6758818fc50 R08: ffff97200ecf1060 R09: ffff97200d0079c0
Feb 26 08:57:49 blackleopard kernel: [  993.703338] R10: 0000000000000000 R11: ffff97200ed6c7f0 R12: ffffffffc0e29000
Feb 26 08:57:49 blackleopard kernel: [  993.703341] R13: ffff971c00000000 R14: 0000000000000000 R15: ffffffffc1113000
Feb 26 08:57:49 blackleopard kernel: [  993.703344] FS:  00007f026887f540(0000) GS:ffff97200ecc0000(0000) knlGS:0000000000000000
Feb 26 08:57:49 blackleopard kernel: [  993.703346] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 26 08:57:49 blackleopard kernel: [  993.703348] CR2: 00000000000004d0 CR3: 00000003d72bc002 CR4: 00000000001606e0
Feb 26 08:57:49 blackleopard kernel: [  993.703351] Call Trace:
Feb 26 08:57:49 blackleopard kernel: [  993.703358]  ? 0xffffffffc0e29000
Feb 26 08:57:49 blackleopard kernel: [  993.703365]  do_one_initcall+0x4a/0x200
Feb 26 08:57:49 blackleopard kernel: [  993.703373]  ? _cond_resched+0x19/0x30
Feb 26 08:57:49 blackleopard kernel: [  993.703379]  ? kmem_cache_alloc_trace+0x16c/0x240
Feb 26 08:57:49 blackleopard kernel: [  993.703385]  do_init_module+0x62/0x240
Feb 26 08:57:49 blackleopard kernel: [  993.703390]  load_module+0xfbb/0x11d0
Feb 26 08:57:49 blackleopard kernel: [  993.703398]  __do_sys_finit_module+0xbe/0x120
Feb 26 08:57:49 blackleopard kernel: [  993.703402]  ? __do_sys_finit_module+0xbe/0x120
Feb 26 08:57:49 blackleopard kernel: [  993.703408]  __x64_sys_finit_module+0x1a/0x20
Feb 26 08:57:49 blackleopard kernel: [  993.703414]  do_syscall_64+0x49/0xc0
Feb 26 08:57:49 blackleopard kernel: [  993.703418]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
Feb 26 08:57:49 blackleopard kernel: [  993.703421] RIP: 0033:0x7f02689c489d
Feb 26 08:57:49 blackleopard kernel: [  993.703425] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c3 f5 0c 00 f7 d8 64 89 01 48
Feb 26 08:57:49 blackleopard kernel: [  993.703427] RSP: 002b:00007ffc2a1906f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
Feb 26 08:57:49 blackleopard kernel: [  993.703431] RAX: ffffffffffffffda RBX: 000055db93e9b7c0 RCX: 00007f02689c489d
Feb 26 08:57:49 blackleopard kernel: [  993.703433] RDX: 0000000000000000 RSI: 000055db92bfc358 RDI: 0000000000000003
Feb 26 08:57:49 blackleopard kernel: [  993.703435] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f0268a98260
Feb 26 08:57:49 blackleopard kernel: [  993.703437] R10: 0000000000000003 R11: 0000000000000246 R12: 000055db92bfc358
Feb 26 08:57:49 blackleopard kernel: [  993.703439] R13: 0000000000000000 R14: 000055db93e9b780 R15: 0000000000000000
Feb 26 08:57:49 blackleopard kernel: [  993.703443] Modules linked in: module2(POE+) hello(OE) btrfs blake2b_generic xor raid6_pq ufs qnx4 hfsplus hfs minix ntfs msdos jfs xfs libcrc32c cpuid rfcomm joydev input_leds cmac algif_hash algif_skcipher af_alg bnep nls_iso8859_1 snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio nouveau snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event iwlmvm ttm mac80211 drm_kms_helper libarc4 intel_rapl_msr intel_rapl_common cec rc_core snd_rawmidi snd_seq i2c_algo_bit x86_pkg_temp_thermal btusb fb_sys_fops syscopyarea sysfillrect sysimgblt btrtl intel_powerclamp snd_seq_device snd_timer snd soundcore btbcm btintel coretemp iwlwifi bluetooth kvm_intel ecdh_generic ecc kvm crct10dif_pclmul ghash_clmulni_intel aesni_intel crypto_simd mei_hdcp mei_me cryptd mei cfg80211 glue_helper at24 rapl intel_cstate mac_hid efi_pstore mxm_wmi intel_smartconnect sch_fq_codel parport_pc ppdev lp parport drm ip_tables x_tables autofs4
Feb 26 08:57:49 blackleopard kernel: [  993.703490]  hid_generic uas usbhid usb_storage hid crc32_pclmul ahci e1000e i2c_i801 libahci i2c_smbus xhci_pci lpc_ich xhci_pci_renesas video wmi [last unloaded: hello]
Feb 26 08:57:49 blackleopard kernel: [  993.703503] CR2: 00000000000004d0
Feb 26 08:57:49 blackleopard kernel: [  993.703506] ---[ end trace 5e61b9c07c62037a ]---
Feb 26 08:57:50 blackleopard kernel: [  994.243861] RIP: 0010:scan_start+0x3d/0x1000 [module2]
Feb 26 08:57:50 blackleopard kernel: [  994.243864] Code: 54 53 31 db 49 8d 44 1d 00 f6 40 68 1f 75 4f 83 b8 80 00 00 00 08 75 46 48 83 78 60 00 74 3f 48 8b 40 40 48 c7 c6 3c 20 11 c1 <4c> 8b a0 d0 04 00 00 4c 89 e7 e8 d4 85 da c9 85 c0 74 21 48 c7 c6
Feb 26 08:57:50 blackleopard kernel: [  994.243865] RSP: 0018:ffffa6758818fc38 EFLAGS: 00010206
Feb 26 08:57:50 blackleopard kernel: [  994.243867] RAX: 0000000000000000 RBX: 0000000000096fa0 RCX: 0000000000000000
Feb 26 08:57:50 blackleopard kernel: [  994.243868] RDX: 0000000000000010 RSI: ffffffffc111203c RDI: ffffffffc0e29000
Feb 26 08:57:50 blackleopard kernel: [  994.243869] RBP: ffffa6758818fc50 R08: ffff97200ecf1060 R09: ffff97200d0079c0
Feb 26 08:57:50 blackleopard kernel: [  994.243870] R10: 0000000000000000 R11: ffff97200ed6c7f0 R12: ffffffffc0e29000
Feb 26 08:57:50 blackleopard kernel: [  994.243871] R13: ffff971c00000000 R14: 0000000000000000 R15: ffffffffc1113000
Feb 26 08:57:50 blackleopard kernel: [  994.243873] FS:  00007f026887f540(0000) GS:ffff97200ecc0000(0000) knlGS:0000000000000000
Feb 26 08:57:50 blackleopard kernel: [  994.243874] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 26 08:57:50 blackleopard kernel: [  994.243875] CR2: 00000000000004d0 CR3: 00000003d72bc002 CR4: 00000000001606e0

When I try to load the module with insmod module.ko, it is killed very quickly. Does anyone know what might be wrong and have any suggestions on how to change the code?

Answer

The PDF paper you linked to says the following:

"[emphasis mine] Pseudocode for scanning the low memory addresses of a *32-bit x86* system is shown in Figure 3. This approach is sufficient for memory allocated with kmalloc(), which always returns kernel virtual addresses (logical addresses) that have a physical mapping."

You didn't specify which architecture you are compiling for, but I have a strong feeling (unsigned long replaced with uint64_t, unsigned long long i) that this is a 64-bit target, not a 32-bit one.
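One more thing the oops itself shows: it faults on a read at address 0x4d0 with RAX = 0, and in the disassembly in the log that load (mov 0x4d0(%rax),%r12) comes right after urbp->dev is loaded from 0x40(%rax), so for that candidate address dev was NULL and the module followed it anyway. The block below is an added example, not code from the question, the answer, or the linked paper: a user-space C model of the posted heuristic run over constructed records, with simplified stand-in structs (fake_urb, fake_usb_device, the product strings and the function names are all assumptions, not the kernel's definitions). It puts the posted condition next to a version that checks every pointer before following it and uses strncmp()'s actual return convention (0 on a match).

```c
/* Added example, not code from the question, the answer or the linked paper.
 * User-space model of the heuristic the posted module applies at every
 * candidate address, run over constructed records. The structs are
 * simplified stand-ins (assumption), not the kernel's struct urb/usb_device. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct fake_usb_device {
    const char *product;            /* e.g. "USB Keyboard"; NULL until set */
};

struct fake_urb {                   /* only the fields the heuristic reads */
    struct fake_usb_device *dev;
    void *transfer_buffer;
    uint32_t transfer_buffer_length;
    uint64_t transfer_dma;
};

/* Case-insensitive substring test: product strings are free-form text such
 * as "USB Keyboard", so an exact compare against "keyboard" never matches. */
static int contains_nocase(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return 1;
    }
    return 0;
}

/* The condition exactly as the posted module writes it. Two problems: dev is
 * followed without a NULL check (the oops: RAX = 0, faulting address 0x4d0 is
 * the dev->product load), and strncmp() returns 0 on a match, so the test is
 * true only when product is NEITHER "usb" NOR "keyboard". Never call this
 * with dev == NULL. */
int posted_condition(const struct fake_urb *u)
{
    return (u->transfer_dma % 0x20) == 0 &&
           u->transfer_buffer_length == 8 &&
           u->transfer_buffer != NULL &&
           strncmp(u->dev->product, "usb", 32) &&
           strncmp(u->dev->product, "keyboard", 32);
}

/* Hardened version: check every pointer before following it, then apply the
 * same field heuristic with the intended string semantics. */
int looks_like_keyboard_urb(const struct fake_urb *u)
{
    if (u == NULL || u->dev == NULL || u->dev->product == NULL)
        return 0;                               /* never dereference NULL */
    if ((u->transfer_dma % 0x20) != 0)          /* 32-byte aligned DMA address */
        return 0;
    if (u->transfer_buffer_length != 8 || u->transfer_buffer == NULL)
        return 0;                               /* 8-byte boot-protocol report */
    return contains_nocase(u->dev->product, "keyboard");
}

/* Walk a table of candidates the way the module walks memory, skipping
 * rather than faulting on the ones whose pointers are unset. */
int scan_candidates(const struct fake_urb *tbl, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (looks_like_keyboard_urb(&tbl[i]))
            hits++;
    return hits;
}

/* Constructed sample data (not captured from a real system). */
const struct fake_urb *sample_candidates(size_t *n)
{
    static char report[8];
    static struct fake_usb_device kbd   = { "USB Keyboard" };
    static struct fake_usb_device mouse = { "USB Optical Mouse" };
    static struct fake_usb_device plain = { "keyboard" };
    static struct fake_urb tbl[5];

    tbl[0] = (struct fake_urb){ &kbd,   report, 8, 0x1000 }; /* real keyboard */
    tbl[1] = (struct fake_urb){ &mouse, report, 8, 0x1020 }; /* mouse, same sizes */
    tbl[2] = (struct fake_urb){ &plain, report, 8, 0x1040 }; /* product exactly "keyboard" */
    tbl[3] = (struct fake_urb){ NULL,   report, 8, 0x1060 }; /* dev unset: posted code faults */
    tbl[4] = (struct fake_urb){ &kbd,   report, 8, 0x1068 }; /* misaligned DMA address */
    *n = 5;
    return tbl;
}

int main(void)
{
    size_t n;
    const struct fake_urb *t = sample_candidates(&n);
    for (size_t i = 0; i < n; i++)
        printf("candidate %zu: hardened=%d posted=%s\n", i, looks_like_keyboard_urb(&t[i]),
               t[i].dev ? (posted_condition(&t[i]) ? "1" : "0") : "would fault");
    printf("hits: %d\n", scan_candidates(t, n));
    return 0;
}
```

Run it and compare the two columns: the posted condition accepts the mouse and rejects the record whose product is literally "keyboard", and it cannot be evaluated at all on the record with dev unset, which is the case the oops in the question hit. In a real module the same NULL check belongs before the dev->product dereference, and the candidate address itself should be validated (for example with virt_addr_valid()) before any field is read from it.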

