/KernelPatch

Patching and hooking the Linux kernel with only a stripped Linux kernel image.

Primary LanguageCGNU General Public License v2.0GPL-2.0

KernelPatch

Patching and hooking the Linux kernel with only stripped Linux kernel image.

 _  __                    _ ____       _       _     
| |/ /___ _ __ _ __   ___| |  _ \ __ _| |_ ___| |__  
| ' // _ \ '__| '_ \ / _ \ | |_) / _` | __/ __| '_ \ 
| . \  __/ |  | | | |  __/ |  __/ (_| | || (__| | | |
|_|\_\___|_|  |_| |_|\___|_|_|   \__,_|\__\___|_| |_|
  • Obtain all symbol information without source code and symbol information.
  • Inject arbitrary code into the kernel. (Static patching the kernel image or Runtime dynamic loading).
  • Kernel function inline hook and syscall table hook are provided.
  • Additional SU for Android.

If you are using Android, APatch would be a better choice.

Requirement

CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y (CONFIG_KALLSYMS_ALL=n, Planned support)

Supported Versions

Currently only supports arm64 architecture.

Linux 3.18 - 6.2 (theoretically)
Linux 6.3+ (not yet adapted)

Get Help

Get Involved

Community Discussion

More Information

Documentation

Credits

  • vmlinux-to-elf: Some ideas for parsing kernel symbols.
  • android-inline-hook: Some code for fixing arm64 inline hook instructions.
  • tlsf: Memory allocator used for KPM. (Need another to allocate ROX memory.)

License

KernelPatch is licensed under the GNU General Public License (GPL) 2.0 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html).