Giters

bmax121 / KernelPatch

Patching and hooking the Linux kernel with only a stripped Linux kernel image.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

android-roothijackinline-hookkernel-securitysyscall-hookkernelpatch

KernelPatch

Patching and hooking the Linux kernel with only stripped Linux kernel image.

 _  __                    _ ____       _       _     
| |/ /___ _ __ _ __   ___| |  _ \ __ _| |_ ___| |__  
| ' // _ \ '__| '_ \ / _ \ | |_) / _` | __/ __| '_ \ 
| . \  __/ |  | | | |  __/ |  __/ (_| | || (__| | | |
|_|\_\___|_|  |_| |_|\___|_|_|   \__,_|\__\___|_| |_|
  • Obtain all symbol information without source code and symbol information.
  • Inject arbitrary code into the kernel. (Static patching the kernel image or Runtime dynamic loading).
  • Kernel function inline hook and syscall table hook are provided.
  • Additional SU for Android.

If you are using Android, APatch would be a better choice.

Requirement

CONFIG_KALLSYMS=y

Supported Versions

Currently only supports arm64 architecture.

Linux 3.18 - 6.2 (theoretically)
Linux 6.3+ (not yet adapted)

Get Involved

More Information

Documentation

Credits

  • vmlinux-to-elf: Some ideas for parsing kernel symbols.
  • android-inline-hook: Some code for fixing arm64 inline hook instructions.
  • tlsf: Memory allocator used for KPM. (Need another to allocate ROX memory.)

License

KernelPatch is licensed under the GNU General Public License (GPL) 2.0 (https://www.gnu.org/licenses/old-licenses/gpl-2.0.html).

About

Patching and hooking the Linux kernel with only a stripped Linux kernel image.

android-roothijackinline-hookkernel-securitysyscall-hookkernelpatch

License:GNU General Public License v2.0

Languages

Language:C 97.1%Language:Assembly 1.3%Language:C++ 1.1%Language:Makefile 0.3%Language:CMake 0.1%