Hi all,
Since the syscall table, sys_call_table, is no longer exported on my Fedora 2 (2.6.5-1.358), I'm trying to read the /dev/mem partition (/dev/kmem is access denied), taking inspiration from the Phalanx rootkit:
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/mman.h>

/* Contents of the IDTR register as stored by `sidt` on 32-bit x86:
 * a 16-bit limit followed by the 32-bit linear base address of the IDT. */
struct idtr {
    unsigned short limit;
    unsigned int base;
} __attribute__ ((packed));

/* One 8-byte IDT gate descriptor (32-bit x86). The handler address is
 * split across off1 (low 16 bits) and off2 (high 16 bits). */
struct idt {
    unsigned short off1;   /* handler offset, bits 0..15 */
    unsigned short sel;    /* code segment selector */
    unsigned char none, flags; /* reserved byte, then type/DPL/present bits */
    unsigned short off2;   /* handler offset, bits 16..31 */
} __attribute__ ((packed));

unsigned sys_call_off;   /* address of sys_call_table once found */
long idt_table;          /* linear address of the IDT (from idtr.base) */
(…)
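The post stops before the part that actually locates the table, so here is an added example (written for this page, not code from the post or from Phalanx) of the two decoding steps the struct definitions above are meant for: pulling the int 0x80 handler address out of gate 0x80 of a raw copy of the IDT, then scanning the handler's code for the instruction `call *sys_call_table(,%eax,4)`, which on i386 assembles to `ff 14 85 <imm32>`, and taking the imm32 as the address of sys_call_table. The IDT bytes and the handler bytes are constructed inline so the example runs anywhere; in the real program those buffers are what you read from /dev/mem at idtr.base and at the handler address respectively (which requires root and a kernel that lets you read kernel memory through /dev/mem). The `read_idtr` helper, the gate values and the addresses used are assumptions for illustration, not values from the original.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 32-bit x86 IDT gate descriptor, same layout as `struct idt` in the post. */
struct idt_gate {
    uint16_t off_lo;
    uint16_t sel;
    uint8_t  zero;
    uint8_t  flags;
    uint16_t off_hi;
} __attribute__((packed));

#if defined(__i386__)
/* Read IDTR with `sidt` (only meaningful on a 32-bit x86 build). Assumed helper. */
struct idtr32 { uint16_t limit; uint32_t base; } __attribute__((packed));
static struct idtr32 read_idtr(void)
{
    struct idtr32 r;
    __asm__ volatile ("sidt %0" : "=m" (r));
    return r;
}
#endif

/* Encode one gate descriptor into dst (used here to construct sample data). */
void make_gate(uint8_t *dst, uint32_t handler, uint16_t sel, uint8_t flags)
{
    struct idt_gate g;
    g.off_lo = (uint16_t)(handler & 0xffff);
    g.sel    = sel;
    g.zero   = 0;
    g.flags  = flags;
    g.off_hi = (uint16_t)(handler >> 16);
    memcpy(dst, &g, sizeof g);
}

/* Handler address of gate n in a raw IDT image; 0 if n is out of range. */
uint32_t idt_gate_handler(const uint8_t *idt, size_t idt_len, unsigned n)
{
    struct idt_gate g;
    if ((size_t)(n + 1) * sizeof g > idt_len)
        return 0;
    memcpy(&g, idt + (size_t)n * sizeof g, sizeof g);
    return ((uint32_t)g.off_hi << 16) | g.off_lo;
}

/* In the i386 system_call entry, the dispatch `call *sys_call_table(,%eax,4)`
 * is encoded as ff 14 85 <imm32>. Return imm32 (the table address) of the
 * first match in the handler's code bytes, or 0 if none is found. */
uint32_t find_sys_call_table(const uint8_t *code, size_t len)
{
    static const uint8_t pat[3] = { 0xff, 0x14, 0x85 };
    size_t i;
    for (i = 0; i + sizeof pat + 4 <= len; i++) {
        if (memcmp(code + i, pat, sizeof pat) == 0) {
            const uint8_t *p = code + i + sizeof pat;
            /* imm32 is little-endian; assemble it explicitly. */
            return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                   ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
        }
    }
    return 0;
}

/* Run both steps over constructed data (stand-in for bytes read from /dev/mem). */
uint32_t demo(void)
{
    uint8_t idt[256 * 8];
    /* Constructed handler bytes: a few prologue-like bytes, then the dispatch
     * `call *0xc02f34c0(,%eax,4)`, then a `ret`. */
    const uint8_t handler_code[] = {
        0x50, 0xfc, 0x06,
        0xff, 0x14, 0x85, 0xc0, 0x34, 0x2f, 0xc0,
        0xc3
    };
    uint32_t int80, table;

    memset(idt, 0, sizeof idt);
    /* Constructed gate 0x80: 32-bit trap gate, DPL 3, present (0xee),
     * selector 0x60 (__KERNEL_CS on 2.6 i386), handler at an assumed address. */
    make_gate(idt + 0x80 * 8, 0xc0103ed0u, 0x60, 0xee);

    int80 = idt_gate_handler(idt, sizeof idt, 0x80);
    if (int80 == 0)
        return 0;
    /* Real program: pread() `sizeof handler_code` bytes from /dev/mem at int80. */
    table = find_sys_call_table(handler_code, sizeof handler_code);
    return table;
}

int main(void)
{
    printf("sys_call_table (constructed sample): 0x%08x\n", demo());
    return 0;
}
```

Scan a bounded window (a few hundred bytes is plenty on 2.6) rather than the whole of kernel text: the `ff 14 85` sequence is short enough to occur by chance elsewhere, and the first hit inside the handler is the one you want.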