/low-level-hooker

A linux kernel funtions hooking module

Primary LanguageCMIT LicenseMIT

low-level-hooker

Hook linux kernel functions without using ftrace or kprobe.
Note: It's a learning project developed in two day. Things may not work properly in your environment.

Usage

  • Open call_hooker.c
  • Define you hooked funtion prototype and required code inside it in similar way done for hookers_piston which is hook for add_num.
  • Change the mentioned three line in my_init() according to your target and hook funtion.
  • test_export.c contain example funtion add_num() which the current setup is hooking. test_caller.c is module that is calling add_num().
  • Compile the all the module using make
  • Import test_export.ko then our hooking module call_hooker.ko then test_caller.ko to see results. Importing command - insmod module_name

Testing

Tested on Debian Stretch