Need for emergency help

A

akbarakbari

Hello,

I am a newbie in FreeBSD and I have an assignment to write a kernel module for PC-BSD. This module should count the number of BSD sbrk function calls. I found dtrace but I can use it in PC-BSD 10. Can anyone help me? Please! My assignment deadline is two days later. Please, please.

Regards.
 
Obligatory disclaimer: PC-BSD DesktopBSD FreeNAS NAS4Free m0N0WALL pfSense ArchBSD

You'll want to hook the system call. Here's an outline of what to do:
  1. When messing around with the kernel, you may want to do so in a virtual machine for safety reasons.
  2. If you have access to a library, see if you can obtain the book "Designing BSD Rootkits" by Joseph Kong. Section 2.1 should be enough to get you going, but just in case, read the following.
  3. Write a hook function that increments a counter and then calls the original system call.
  4. Complete the kernel module by writing the load() function (which replaces the original system call with your hook and vice versa upon unloading) and some other obligatory filler code.
 
Thanks for your very useful hints. I have a problem while doing make module. I have seen this message after make.
Code: 
make: "/usr/share/mk/bsd.kmod.mk" line 12: Unable to locate the kernel source tree. Set SYSDIR to override.
I think the reason is that I run PC-BSD on VMware. Would you give me another useful hint?
 
akbarakbari said:
Code: 
make: "/usr/share/mk/bsd.kmod.mk" line 12: Unable to locate the kernel source tree. Set SYSDIR to override.
Click to expand...
It looks like you either don't have the kernel source code installed, or have it installed in an unusual place. On a FreeBSD system the source is typically in /usr/src/sys/, but I don't know exactly how PC-BSD handles FreeBSD source code. They might have an installable package for it, they may (or may not) install it into a different location, etc. This sounds like a question for someone who knows more about PC-BSD and the differences between it and FreeBSD.
 
You must log in or register to reply here.
Back
Top