This article is about learning relevant knowledge in the process of graduation design 、 Complete notes from hands-on practice , By reading this series , You can understand the underlying principles of system calls from a zero basis and intercept system calls . Due to my limited ability , Some error messages may appear in the article , Please correct me if there is any mistake . in addition , All contents of this series are only used as notes for personal study and research , Reprint please indicate the source . Thank you for your attention ！ This is also a series of articles highly recommended by the author ！

A complete list of articles in the series
System call capture and analysis — adopt ptrace Get system call information
System call capture and analysis — adopt strace Get system call information
System call capture and analysis — Necessary system security knowledge points
System call capture and analysis — Use LKM Method to add a system call

Compile new kernel

Use of experimental environment ubuntu16.04, Kernel version 4.15.0-112-generic, install 4.13.10 Version kernel .

Install dependent environment

sudo apt-get install libncurses5-dev libssl-dev  
sudo apt-get install build-essential openssl  
sudo apt-get install zlibc minizip  
sudo apt-get install libidn11-dev libidn11
sudo apt-get install bison
sudo apt-get install libelf-dev
sudo apt-get install flex
sudo apt-get install vim-gtk

Official website https://www.kernel.org/ download linux-4.13.10.tar.xz, Put it in /usr/src Under the table of contents , And extract the .

sudo cp ./linux-4.13.10.tar.xz /usr/src
cd /usr/src
sudo tar -xavf linux-4.13.10.tar.xz

View the current kernel version uname -r

The current kernel directory config Copy the file to the root directory of the downloaded new kernel source code sudo cp /usr/src/linux-headers-4.15.0-112-generic/.config ./

[ It's not necessary ] configuration option sudo make menuconfig, load .config file choice Load and ok,save and ok, Last exit( It can be understood as make menuconfig Namely make oldconfig Graphic version of . Updating the new settings to .config At the same time , The original .config The file is saved as .config.old).

To configure sudo make oldconfig.

compiling sudo make -j5 ,

sudo make modules_install

There is an error make[1]: *** There are no rules to make goals “debian/canonical-certs.pem”, from “certs/x509

Edit the config file , Will the CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem" Delete the contents in quotation marks .

Install the kernel binary image sudo make install

to update grub guide sudo update-grub2

Restart the computer sudo reboot, Press during startup esc Key to select the new version of the kernel to enter .

Use uname -r Check that the kernel has been updated to the new version .

Reference link https://blog.csdn.net/u013113549/article/details/106312396?spm=1001.2014.3001.5501

make Related instructions

direct make Without any parameters, it is make all, contain make modules.

make bzImage Is to compile the system kernel ;

make It's equivalent to executing make bzImage and make modules.

make modules Is a separate compilation module , The driver is configured to M The are modules,modules Will not be compiled into the kernel image, It needs to be installed separately to rootfs.

make modules_install Copy the compiled module to the system directory （ It's usually /lib/modules/）.

make install Is to install the kernel binary image , Build and install boot Initialize the file system image file .

make oldconfig Use the current .config As the foundation , Regenerate a .config file . If the newly generated .config Documents and as a basis .config The documents are inconsistent . Take as the foundation .config Rename it to .config.old, For restoring pair .config Modification of .

Add system calls by modifying the kernel

Download and decompress the kernel source file above , Do the following to add a custom system call .

modify /usr/src/linux-4.13.10/arch/x86/entry/syscalls/syscall_64.tbl, Add the system call number .

In the catalog /usr/src/linux-4.13.10/arch/x86/kernel/ Next add a file syshello.c, Where is the added system call .

#include <linux/uaccess.h>
#include <linux/proc_fs.h>
#include <linux/init.h>
#include <linux/types.h>
#include <linux/sched.h>

int sys_hello(void){
    
    printk("oh~ hello world");
    return 5;
}

modify /usr/src/linux-4.13.10/arch/x86/kernel/Makefile file , Add compilation syshello.o file

modify usr/src/linux-4.13.10/include/linux/syscalls.h, Add function declaration at the end of the file .(vim The editor uses shift+g Skip to the end of the file )

The current kernel directory config Copy the file to the root directory of the downloaded new kernel source code sudo cp /usr/src/linux-headers-4.15.0-112-generic/.config ./, The next step is the same as the above steps to compile the kernel .

1. Edit the config file , Will the CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem" Delete the contents in quotation marks .
2.sudo make clean
3. To configure sudo make oldconfig
4. compiling sudo make -j5
5.sudo make modules_install
6.sudo make install
7.sudo update-grub2
8.sudo reboot
9. Boot press esc Press to select advanced options , Select the new version kernel to enter 
10.uname -r Verify whether to enter the new version of the kernel system 

Test whether the system call is successfully added

Prepare test procedures a.c

#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

int main(){
    
	int res = syscall(333);	333 It is the system call number just added 
	printf("res = %d\n", res);
}

Compile operation ,dmesg View kernel print information

gcc -o a a.c
./a

Reference link
1、https://blog.csdn.net/qq_38898129/article/details/80398851?utm_medium=distribute.pc_relevant.none-task-blog-2~default~baidujs_title~default-0.no_search_link&spm=1001.2101.3001.4242.1
2、https://www.jianshu.com/p/7547a58e68d3?utm_campaign=maleskine&utm_content=note&utm_medium=seo_notes&utm_source=recommendation

3、https://blog.csdn.net/Zach_z/article/details/86010084