├── .cache └── clangd │ └── index │ └── hwbreak.c.887C14B88648B454.idx ├── .clang-format ├── Makefile ├── compile_commands.json ├── env.sh ├── hwbreak.c ├── insmod.sh └── rmmod.sh /.cache/clangd/index/hwbreak.c.887C14B88648B454.idx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/junknet/kernel-debugger/4e0abb262cf90f564ae5457e80c0cd97f6640aa7/.cache/clangd/index/hwbreak.c.887C14B88648B454.idx -------------------------------------------------------------------------------- /.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | # BasedOnStyle: Microsoft 4 | AccessModifierOffset: -2 5 | AlignAfterOpenBracket: Align 6 | AlignArrayOfStructures: None 7 | AlignConsecutiveMacros: None 8 | AlignConsecutiveAssignments: None 9 | AlignConsecutiveBitFields: None 10 | AlignConsecutiveDeclarations: None 11 | AlignEscapedNewlines: Right 12 | AlignOperands: Align 13 | AlignTrailingComments: true 14 | AllowAllArgumentsOnNextLine: true 15 | AllowAllConstructorInitializersOnNextLine: true 16 | AllowAllParametersOfDeclarationOnNextLine: true 17 | AllowShortEnumsOnASingleLine: false 18 | AllowShortBlocksOnASingleLine: Never 19 | AllowShortCaseLabelsOnASingleLine: false 20 | AllowShortFunctionsOnASingleLine: None 21 | AllowShortLambdasOnASingleLine: All 22 | AllowShortIfStatementsOnASingleLine: Never 23 | AllowShortLoopsOnASingleLine: false 24 | AlwaysBreakAfterDefinitionReturnType: None 25 | AlwaysBreakAfterReturnType: None 26 | AlwaysBreakBeforeMultilineStrings: false 27 | AlwaysBreakTemplateDeclarations: MultiLine 28 | AttributeMacros: 29 | - __capability 30 | BinPackArguments: true 31 | BinPackParameters: true 32 | BraceWrapping: 33 | AfterCaseLabel: false 34 | AfterClass: true 35 | AfterControlStatement: Always 36 | AfterEnum: true 37 | AfterFunction: true 38 | AfterNamespace: true 39 | AfterObjCDeclaration: true 40 | AfterStruct: true 41 | 
AfterUnion: false 42 | AfterExternBlock: true 43 | BeforeCatch: true 44 | BeforeElse: true 45 | BeforeLambdaBody: false 46 | BeforeWhile: false 47 | IndentBraces: false 48 | SplitEmptyFunction: true 49 | SplitEmptyRecord: true 50 | SplitEmptyNamespace: true 51 | BreakBeforeBinaryOperators: None 52 | BreakBeforeConceptDeclarations: true 53 | BreakBeforeBraces: Custom 54 | BreakBeforeInheritanceComma: false 55 | BreakInheritanceList: BeforeColon 56 | BreakBeforeTernaryOperators: true 57 | BreakConstructorInitializersBeforeComma: false 58 | BreakConstructorInitializers: BeforeColon 59 | BreakAfterJavaFieldAnnotations: false 60 | BreakStringLiterals: true 61 | ColumnLimit: 120 62 | CommentPragmas: '^ IWYU pragma:' 63 | CompactNamespaces: false 64 | ConstructorInitializerAllOnOneLineOrOnePerLine: false 65 | ConstructorInitializerIndentWidth: 4 66 | ContinuationIndentWidth: 4 67 | Cpp11BracedListStyle: true 68 | DeriveLineEnding: true 69 | DerivePointerAlignment: false 70 | DisableFormat: false 71 | EmptyLineAfterAccessModifier: Never 72 | EmptyLineBeforeAccessModifier: LogicalBlock 73 | ExperimentalAutoDetectBinPacking: false 74 | FixNamespaceComments: true 75 | ForEachMacros: 76 | - foreach 77 | - Q_FOREACH 78 | - BOOST_FOREACH 79 | IfMacros: 80 | - KJ_IF_MAYBE 81 | IncludeBlocks: Preserve 82 | IncludeCategories: 83 | - Regex: '^"(llvm|llvm-c|clang|clang-c)/' 84 | Priority: 2 85 | SortPriority: 0 86 | CaseSensitive: false 87 | - Regex: '^(<|"(gtest|gmock|isl|json)/)' 88 | Priority: 3 89 | SortPriority: 0 90 | CaseSensitive: false 91 | - Regex: '.*' 92 | Priority: 1 93 | SortPriority: 0 94 | CaseSensitive: false 95 | IncludeIsMainRegex: '(Test)?$' 96 | IncludeIsMainSourceRegex: '' 97 | IndentAccessModifiers: false 98 | IndentCaseLabels: false 99 | IndentCaseBlocks: false 100 | IndentGotoLabels: true 101 | IndentPPDirectives: None 102 | IndentExternBlock: AfterExternBlock 103 | IndentRequires: false 104 | IndentWidth: 4 105 | IndentWrappedFunctionNames: false 106 | 
InsertTrailingCommas: None 107 | JavaScriptQuotes: Leave 108 | JavaScriptWrapImports: true 109 | KeepEmptyLinesAtTheStartOfBlocks: true 110 | LambdaBodyIndentation: Signature 111 | MacroBlockBegin: '' 112 | MacroBlockEnd: '' 113 | MaxEmptyLinesToKeep: 1 114 | NamespaceIndentation: None 115 | ObjCBinPackProtocolList: Auto 116 | ObjCBlockIndentWidth: 2 117 | ObjCBreakBeforeNestedBlockParam: true 118 | ObjCSpaceAfterProperty: false 119 | ObjCSpaceBeforeProtocolList: true 120 | PenaltyBreakAssignment: 2 121 | PenaltyBreakBeforeFirstCallParameter: 19 122 | PenaltyBreakComment: 300 123 | PenaltyBreakFirstLessLess: 120 124 | PenaltyBreakString: 1000 125 | PenaltyBreakTemplateDeclaration: 10 126 | PenaltyExcessCharacter: 1000000 127 | PenaltyReturnTypeOnItsOwnLine: 1000 128 | PenaltyIndentedWhitespace: 0 129 | PointerAlignment: Right 130 | PPIndentWidth: -1 131 | ReferenceAlignment: Pointer 132 | ReflowComments: true 133 | ShortNamespaceLines: 1 134 | SortIncludes: CaseSensitive 135 | SortJavaStaticImport: Before 136 | SortUsingDeclarations: true 137 | SpaceAfterCStyleCast: false 138 | SpaceAfterLogicalNot: false 139 | SpaceAfterTemplateKeyword: true 140 | SpaceBeforeAssignmentOperators: true 141 | SpaceBeforeCaseColon: false 142 | SpaceBeforeCpp11BracedList: false 143 | SpaceBeforeCtorInitializerColon: true 144 | SpaceBeforeInheritanceColon: true 145 | SpaceBeforeParens: ControlStatements 146 | SpaceAroundPointerQualifiers: Default 147 | SpaceBeforeRangeBasedForLoopColon: true 148 | SpaceInEmptyBlock: false 149 | SpaceInEmptyParentheses: false 150 | SpacesBeforeTrailingComments: 1 151 | SpacesInAngles: Never 152 | SpacesInConditionalStatement: false 153 | SpacesInContainerLiterals: true 154 | SpacesInCStyleCastParentheses: false 155 | SpacesInLineCommentPrefix: 156 | Minimum: 1 157 | Maximum: -1 158 | SpacesInParentheses: false 159 | SpacesInSquareBrackets: false 160 | SpaceBeforeSquareBrackets: false 161 | BitFieldColonSpacing: Both 162 | Standard: Latest 163 | 
StatementAttributeLikeMacros: 164 | - Q_EMIT 165 | StatementMacros: 166 | - Q_UNUSED 167 | - QT_REQUIRE_VERSION 168 | TabWidth: 4 169 | UseCRLF: false 170 | UseTab: Never 171 | WhitespaceSensitiveMacros: 172 | - STRINGIZE 173 | - PP_STRINGIZE 174 | - BOOST_PP_STRINGIZE 175 | - NS_SWIFT_NAME 176 | - CF_SWIFT_NAME 177 | ... 178 | 179 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | obj-m += hwbreak.o 2 | all: 3 | make -C /msm M=$(PWD) modules 4 | clean: 5 | make -C /msm M=$(PWD) clean 6 | -------------------------------------------------------------------------------- /compile_commands.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "arguments": [ 4 | "cc", 5 | "-c", 6 | "-Wp,-MD,/kernel_module/.dump.o.d", 7 | "-nostdinc", 8 | "-isystem", 9 | "/aosp/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin/../lib/gcc/aarch64-linux-android/4.9.x/include", 10 | "-I./arch/arm64/include", 11 | "-Iarch/arm64/include/generated/uapi", 12 | "-Iarch/arm64/include/generated", 13 | "-Iinclude", 14 | "-I./arch/arm64/include/uapi", 15 | "-Iarch/arm64/include/generated/uapi", 16 | "-I./include/uapi", 17 | "-Iinclude/generated/uapi", 18 | "-include", 19 | "./include/linux/kconfig.h", 20 | "-D__KERNEL__", 21 | "-mlittle-endian", 22 | "-Wall", 23 | "-Wundef", 24 | "-Wstrict-prototypes", 25 | "-Wno-trigraphs", 26 | "-fno-strict-aliasing", 27 | "-fno-common", 28 | "-Werror-implicit-function-declaration", 29 | "-Wno-format-security", 30 | "-std=gnu89", 31 | "-mgeneral-regs-only", 32 | "-fno-pic", 33 | "-fno-asynchronous-unwind-tables", 34 | "-fno-delete-null-pointer-checks", 35 | "-Wno-maybe-uninitialized", 36 | "-O2", 37 | "-Werror", 38 | "--param=allow-store-data-races=0", 39 | "-DCC_HAVE_ASM_GOTO", 40 | "-Wframe-larger-than=2048", 41 | "-fstack-protector-strong", 42 | 
"-fno-delete-null-pointer-checks", 43 | "-Wno-unused-but-set-variable", 44 | "-fno-omit-frame-pointer", 45 | "-fno-optimize-sibling-calls", 46 | "-fno-var-tracking-assignments", 47 | "-g", 48 | // "-Wdeclaration-after-statement", 49 | "-Wno-pointer-sign", 50 | "-fno-strict-overflow", 51 | "-fconserve-stack", 52 | "-Werror=implicit-int", 53 | "-Werror=strict-prototypes", 54 | "-Werror=date-time", 55 | "-DMODULE", 56 | "-mcmodel=large", 57 | "-DKBUILD_STR(s)=#s", 58 | "-DKBUILD_BASENAME=KBUILD_STR(dump)", 59 | "-DKBUILD_MODNAME=KBUILD_STR(dump)", 60 | "-o", 61 | "/kernel_module/dump.o", 62 | "../kernel_module/dump.c" 63 | ], 64 | "directory": "/home/junknet/Desktop/msm", 65 | "file": "../hwbreak/hwbreak.c" 66 | } 67 | ] 68 | -------------------------------------------------------------------------------- /env.sh: -------------------------------------------------------------------------------- 1 | export PATH=$PATH:/aosp/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin 2 | export ARCH=arm64 3 | export CROSS_COMPILE=aarch64-linux-android- 4 | 5 | 6 | cd /aosp 7 | source build/envsetup.sh 8 | lunch 25 9 | cd - 10 | 11 | -------------------------------------------------------------------------------- /hwbreak.c: -------------------------------------------------------------------------------- 1 | #include "asm/current.h" 2 | #include "asm/uaccess.h" 3 | #include "linux/hw_breakpoint.h" 4 | #include "linux/mmzone.h" 5 | #include "linux/perf_event.h" 6 | #include "linux/printk.h" 7 | #include "linux/sched.h" 8 | #include "linux/types.h" 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | //开始阴间操作 19 | 20 | typedef unsigned long (*lookup_name_t)(const char *name); 21 | typedef int (*access_vm)(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); 22 | static struct kprobe kp = {.symbol_name = "kallsyms_lookup_name"}; 23 | 24 | struct perf_event *sample_hbp; 25 | 
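/*
 * hwbreak: plant a hardware execution breakpoint in one thread of a user
 * process (selected by pid) and, once it fires, swap it for a one-shot 1-byte
 * read watchpoint on whatever address x0 held at that moment.
 *
 * Notes for whoever picks this up:
 *  - Everything runs as root by construction (insmod); the target is chosen
 *    by module parameters, so there is no untrusted input here, but a wrong
 *    pid/address silently plants a debug register in the wrong process.
 *  - kallsyms_lookup_name is obtained through a kprobe (see main_init) because
 *    the symbol is not exported to modules on newer kernels. That is a
 *    deliberate bypass of the module symbol policy; it may fail on kernels
 *    that blacklist the symbol for kprobes.
 *  - perf overflow handlers run from the debug exception, where nothing may
 *    sleep. register/unregister of breakpoints can sleep, so the handlers only
 *    record state and queue that work to process context (arm_work/disarm_work).
 *  - The original left a sketch of writing a dump file from the watchpoint
 *    handler; file I/O has the same restriction and would also have to be
 *    deferred to a work item.
 */

static struct perf_event *watch_hbp;       /* read watchpoint, created once sample_hbp fires */
static access_vm access_vm_fn;             /* resolved in main_init; not called yet */
static struct task_struct *target_task;    /* reference held from main_init until main_exit */

/*
 * Target selection. The defaults are the values the original hard-coded;
 * override at load time, e.g.
 *   insmod hwbreak.ko soul_pid=1234 soul_base=0xd3143000 soul_off=0x91c4c
 * (module_param comes from linux/moduleparam.h via linux/module.h, which
 * module_init/MODULE_LICENSE below already require).
 */
static unsigned long soul_pid = 2644;
module_param(soul_pid, ulong, 0444);
MODULE_PARM_DESC(soul_pid, "pid (thread id) of the task to breakpoint");
static unsigned long soul_base = 0xd3143000;
module_param(soul_base, ulong, 0444);
MODULE_PARM_DESC(soul_base, "load base of the target mapping");
static unsigned long soul_off = 0x91c4c;
module_param(soul_off, ulong, 0444);
MODULE_PARM_DESC(soul_off, "offset from soul_base of the instruction to break on");

/* x0 captured when the execution breakpoint fires; consumed by arm_work_fn. */
static unsigned long watch_addr;
/* Each work item is queued at most once: the handler that wins the xchg queues it. */
static atomic_t watch_armed = ATOMIC_INIT(0);
static atomic_t watch_hit = ATOMIC_INIT(0);
/* Serialises sample_hbp/watch_hbp updates between the work items and main_exit. */
static DEFINE_MUTEX(hb_lock);
static bool unloading;

static void arm_work_fn(struct work_struct *work);
static void disarm_work_fn(struct work_struct *work);
static DECLARE_WORK(arm_work, arm_work_fn);
static DECLARE_WORK(disarm_work, disarm_work_fn);

/*
 * Overflow handler of the read watchpoint. Runs in the target thread's debug
 * exception context: no sleeping, so tearing the watchpoint down is deferred
 * to disarm_work. Later hits before that work runs are ignored.
 */
static void watch_handler(struct perf_event *bp, struct perf_sample_data *data, struct pt_regs *regs)
{
    if (atomic_xchg(&watch_hit, 1) == 0)
    {
        schedule_work(&disarm_work);
    }
}

/*
 * Overflow handler of the execution breakpoint at soul_base + soul_off.
 * Records x0 (regs->regs[0]) as the address to watch and hands the
 * unregister/register sequence to arm_work. Repeated hits before that work
 * has run do not queue it again.
 */
static void sample_hbp_handler(struct perf_event *bp, struct perf_sample_data *data, struct pt_regs *regs)
{
    if (atomic_xchg(&watch_armed, 1) != 0)
    {
        return;
    }
    watch_addr = regs->regs[0];
    schedule_work(&arm_work);
}

/*
 * Process context: drop the execution breakpoint and install a 1-byte read
 * watchpoint on watch_addr, bound to target_task (not `current`, which is a
 * kworker here). No-op once the module is unloading.
 */
static void arm_work_fn(struct work_struct *work)
{
    struct perf_event_attr wp_attr;
    struct perf_event *bp;

    mutex_lock(&hb_lock);
    if (unloading)
    {
        goto out;
    }
    if (!IS_ERR_OR_NULL(sample_hbp))
    {
        unregister_hw_breakpoint(sample_hbp);
    }
    sample_hbp = NULL;

    ptrace_breakpoint_init(&wp_attr);
    wp_attr.bp_addr = watch_addr;
    wp_attr.bp_len = HW_BREAKPOINT_LEN_1;
    wp_attr.bp_type = HW_BREAKPOINT_R;
    /* Register disabled, publish the handle, then enable, so a hit can never
     * observe watch_hbp == NULL and leave the event dangling. */
    wp_attr.disabled = 1;
    bp = register_user_hw_breakpoint(&wp_attr, watch_handler, NULL, target_task);
    if (IS_ERR(bp))
    {
        pr_err("hwbreak: watchpoint at %#lx failed: %ld\n", watch_addr, PTR_ERR(bp));
        goto out;
    }
    watch_hbp = bp;
    perf_event_enable(bp);
out:
    mutex_unlock(&hb_lock);
}

/* Process context: remove the one-shot watchpoint after it has fired. */
static void disarm_work_fn(struct work_struct *work)
{
    mutex_lock(&hb_lock);
    if (!IS_ERR_OR_NULL(watch_hbp))
    {
        unregister_hw_breakpoint(watch_hbp);
    }
    watch_hbp = NULL;
    mutex_unlock(&hb_lock);
}

/*
 * Module entry: resolve kallsyms_lookup_name via a kprobe, pin the target
 * task and plant the execution breakpoint.
 *
 * Returns 0 on success, or a negative errno with nothing left registered
 * (-ESRCH: no such pid, -ENOENT: symbol not resolvable, or the kprobe /
 * breakpoint registration error).
 */
static int __init main_init(void)
{
    struct task_struct *task;
    struct pid *proc_pid_struct;
    struct perf_event_attr bp_attr;
    lookup_name_t lookup_name_fn;
    struct perf_event *bp;
    int ret;

    /* Registering a kprobe on the symbol fills kp.addr with its address as a
     * side effect; the probe itself is not needed and is removed at once. */
    ret = register_kprobe(&kp);
    if (ret < 0)
    {
        pr_err("hwbreak: register_kprobe(kallsyms_lookup_name) failed: %d\n", ret);
        return ret;
    }
    lookup_name_fn = (lookup_name_t)kp.addr;
    unregister_kprobe(&kp);
    if (!lookup_name_fn)
    {
        return -ENOENT;
    }
    /* Kept from the original for future use (e.g. reading the watched buffer). */
    access_vm_fn = (access_vm)lookup_name_fn("access_process_vm");
    if (!access_vm_fn)
    {
        pr_warn("hwbreak: access_process_vm not found\n");
    }

    proc_pid_struct = find_get_pid((pid_t)soul_pid);
    if (!proc_pid_struct)
    {
        return -ESRCH;
    }
    task = get_pid_task(proc_pid_struct, PIDTYPE_PID);
    put_pid(proc_pid_struct); /* get_pid_task took its own reference on the task */
    if (!task)
    {
        printk(KERN_INFO "get_pid_task failed.\n");
        return -ESRCH;
    }
    printk("pid:%d\n", task->pid);

    ptrace_breakpoint_init(&bp_attr);
    bp_attr.bp_addr = soul_base + soul_off;
    /* A LEN_2 execution breakpoint and a 32-bit default base look like a
     * Thumb/AArch32 target — confirm against the actual process. */
    bp_attr.bp_len = HW_BREAKPOINT_LEN_2;
    bp_attr.bp_type = HW_BREAKPOINT_X;
    bp_attr.disabled = 0;
    bp = register_user_hw_breakpoint(&bp_attr, sample_hbp_handler, NULL, task);
    if (IS_ERR(bp))
    {
        ret = (int)PTR_ERR(bp);
        pr_err("hwbreak: breakpoint at %#llx failed: %d\n", (unsigned long long)bp_attr.bp_addr, ret);
        put_task_struct(task);
        return ret;
    }
    sample_hbp = bp;
    /* The event holds its own task reference; ours is for arm_work_fn, which
     * binds the watchpoint to the same task later. */
    target_task = task;
    return 0;
}

/*
 * Module exit. Order matters: mark unloading and release both events under
 * the lock so no handler can fire again, then drain any work the handlers
 * already queued (arm_work_fn sees `unloading` and does nothing). Leaving
 * either event registered would leave a handler pointer into unloaded text.
 */
static void __exit main_exit(void)
{
    mutex_lock(&hb_lock);
    unloading = true;
    if (!IS_ERR_OR_NULL(sample_hbp))
    {
        unregister_hw_breakpoint(sample_hbp);
    }
    sample_hbp = NULL;
    if (!IS_ERR_OR_NULL(watch_hbp))
    {
        unregister_hw_breakpoint(watch_hbp);
    }
    watch_hbp = NULL;
    mutex_unlock(&hb_lock);

    cancel_work_sync(&arm_work);
    cancel_work_sync(&disarm_work);

    if (target_task)
    {
        put_task_struct(target_task);
        target_task = NULL;
    }
}

module_init(main_init);
module_exit(main_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Plant a hardware breakpoint/watchpoint in a user task selected by pid");
--------------------------------------------------------------------------------
/insmod.sh:
--------------------------------------------------------------------------------
#!/bin/bash
adb push hwbreak.ko /data/local/tmp/
adb shell rmmod /data/local/tmp/hwbreak.ko
adb shell insmod /data/local/tmp/hwbreak.ko
--------------------------------------------------------------------------------
/rmmod.sh:
--------------------------------------------------------------------------------
#!/bin/bash
adb shell rmmod /data/local/tmp/hwbreak.ko
--------------------------------------------------------------------------------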