how to replace a static kernel function without modifying and precomiling linux kernel

Question

all, I want to know how to replace a kernel static function in a module without modifying linux kernel. I have known that Linux hook can replace some functions, but the problem is that I want to replace a static function without modifying linux kernel. Would you please help me? Thank you.

Answer 1

Generally the way the Linux kernel is compiled, replacing / hooking a static function at runtime isn't possible (short of unloading / reloading the entire module if you're talking module code).

That is because the compile inlines static functions much of the time (unless you take the address of it somewhere), and therefore they won't even show up in the symbol table. There's no way after the compile to find out where in the generated binary the static code ended up - not unlikely, you'll find several inlined versions of it in all the call sites invoking the func.

So the basic question: Why does the function have to be static ? What exactly is it you're attempting to do that mandates the use of static ?

Answer 2

If it's actually compiled as a module (not built-in), then just recompile the code, rmmod the module, and insmod the new .ko file. Easy as... some kind of cliche pastry.

Answer 3

In general, you may use some of this techniques:

• kprobes/jprobes, that allows you to hook a function with int3
• modifying the function's code (for ex., prologue) to jump to your handler and get back, later

If you don't wish to modify the kernel's code at all, you might set up the debugging registers and watch for an access exceptions (in your exception handler, of course). Besides that, you can try to find and invalidate some of the kernel's internal variables so the access to them from the kernel causes the invalid pointer dereference exception. In that case you can handle such an exception and do a back-trace to achive target function.