Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "LKM"

From NetSec
Jump to: navigation, search
Line 4: Line 4:
  
 
{{warning|LKMs interact with your system on the kernel level, executing with the highest possible level of privilege. A poorly-designed kernel module may make your OS unstable, corrupt your filesystem and even brick your computer. You have been warned.}}
 
{{warning|LKMs interact with your system on the kernel level, executing with the highest possible level of privilege. A poorly-designed kernel module may make your OS unstable, corrupt your filesystem and even brick your computer. You have been warned.}}
 
+
, in the kernel.
  
 
__TOC__
 
__TOC__
Line 34: Line 34:
  
 
== Differences from normal C programming ==
 
== Differences from normal C programming ==
 +
 +
Although written in C, there are several differences you should keep in mind before you begin writing your first module.
 +
 +
*There is no standard entry point for an LKM - no main() function. Instead, an initialiation function runs and terminates when the module is first loaded, setting itself up to handle any requests it receives - an event-driven model.
 +
 +
*LKMs operate at a much higher level of privilege than userland programs. In addition to being able to do and access more, this means that they are assigned higher priority when handing out CPU cycles and resources. A poorly-written LKM can easily consume too much of a machine's processing power for anything else to function properly.
  
 
= Creating character devices =
 
= Creating character devices =

Revision as of 21:44, 21 June 2016

LKM stands for "Linux Kernel Module" or "Loadable Kernel Module". As the name implies, it is a way to allow code to interact directly with the kernel and extend its functionality. The ability to insert modular components into the kernel allows it to remain relatively lightweight, as it does not need to include every driver ever created. The ability to load modules on-the-fly also saves us from having to recompile every time a change needs to be made.

It goes without saying that you need root to modify the kernel. With this restriction in mind, however, LKMs can be very powerful if used correctly, since the kernel operates under significantly elevated privileges compared to userland. In particular, the functionality provided by extending the kernel can be used to great effect in the development of Rootkits.

RPU0j.png LKMs interact with your system on the kernel level, executing with the highest possible level of privilege. A poorly-designed kernel module may make your OS unstable, corrupt your filesystem and even brick your computer. You have been warned.

, in the kernel.


You can see a list of currently loaded kernel modules in two ways:

 
$ lsmod
$ cat /proc/modules
 

You can (as root) add new modules to your kernel with the insmod and rmmod commands:

 
$ insmod modname.ko
$ rmmod modname
 

These two utilities provide a simple, clean way to insert or remove modules from the kernel. If you need more advanced control over the insertion, removal and alteration of modules in the kernel, use the more fully-featured modprobe utility instead.

Writing a basic LKM

Linux kernel modules are written in C and compiled from one or more source files into a kernel object (.ko) file. In order to write an LKM, you will need a strong grasp of the fundamentals of C programming and at least a basic understanding of the way linux manages files, processes and devices.

Differences from normal C programming

Although written in C, there are several differences you should keep in mind before you begin writing your first module.

  • There is no standard entry point for an LKM - no main() function. Instead, an initialiation function runs and terminates when the module is first loaded, setting itself up to handle any requests it receives - an event-driven model.
  • LKMs operate at a much higher level of privilege than userland programs. In addition to being able to do and access more, this means that they are assigned higher priority when handing out CPU cycles and resources. A poorly-written LKM can easily consume too much of a machine's processing power for anything else to function properly.

Creating character devices

Device operations

Hooking system calls

See also

The Linux Kernel Module Programming Guide- an outdated but solid tutorial covering many of the concepts that will help you to understand the linux kernel.