Patching and hooking the Linux kernel with only a stripped Linux kernel image.
If you are using Android, AndroidKernelPatch would be a better choice.
KernelPatch provides the fundamental capability to parse Linux kernel images without source code and symbol information, allowing for the retrieval of arbitrary symbol offsets and the injection of arbitrary code into the kernel.
Building upon this foundation, KernelPatch offers essential features such as system-call-hook and inline-hook in the kernel.
You have complete control over the kernel, allowing you to implement desired functionalities such as privilege escalation, hiding, monitoring, and more.
KernelPatch is intended solely for learning and communication purposes. It is strictly prohibited from being used for any illegal activities.
Currently, only the arm64 architecture is supported.
Linux 3.8 - 6.2 (theoretically)
Linux 6.3+ (not yet adapted)
- vmlinux-to-elf: Some ideas for parsing kernel symbols.
- android-inline-hook: Some code for fixing arm64 inline hook instructions.
- https://elixir.bootlin.com: Linux source code online.
KernelPatch is licensed under the GNU General Public License v3 (GPL-3) (http://www.gnu.org/copyleft/gpl.html).