Write your first kernel module

Building Kernel Module #

Create rootkit.c

#include <linux/module.h>
#include <linux/syscalls.h>
#include <linux/types.h>

#define OURMODNAME	"rootkit"

MODULE_AUTHOR("FOOBAR");
MODULE_DESCRIPTION("FOOBAR");
MODULE_LICENSE("Dual MIT/GPL");
MODULE_VERSION("0.1");

static int __init rootkit_init(void)
{
    printk(KERN_INFO "hello, world!\n");
	return 0;
}

static void __exit rootkit_exit(void)
{
	printk(KERN_INFO "Goodbye, world!\n");
}

module_init(rootkit_init);
module_exit(rootkit_exit);

Create Makefile. Remember to update KDIR with your linux source code dir.

obj-m = rootkit.o
PWD := $(shell pwd)
EXTRA_CFLAGS = -Wall -g
CROSS = aarch64-linux-gnu-
KDIR = /home/jack/Desktop/linux/

all:
	$(MAKE) ARCH=arm64 CROSS_COMPILE=$(CROSS) -C $(KDIR) M=$(PWD) modules
clean:
	$(MAKE) -C $(KDIR) M=$(PWD) clean

Compile kernel module

make all

$ ls
rootkit.ko

Copy rootkit.ko to qemu share folders.

cp rootkit.ko ../shared

Open qemu vm.

qemu-system-aarch64 ...

Insert kernel module and list all kernel module

$ sudo insmod rootkit.ko
$ sudo lsmod

Module    Size  Used by
rootkit  12232  0

Remove kernel module and look log by dmesg

$ sudo rmmod rootkit
$ dmesg

Hello, world!
Goodbye, world!

Jack Li's Blog

Write your first kernel module

Building Kernel Module #

Backlinks

Interactive Graph