I’m trying to port RR0D Rasta Ring0 Debugger from 32-bit Linux to 64-bit Linux. I have converted 32-bit gcc inline assembly to 64-bit using vim regex as mentioned in my question: How to convert Linux 32-bit gcc inline assembly to 64-bit code?
I’m using gcc with -m64 flag. The target environment is Linux x86-64, custom kernel version 3.5.5.
The Makefile is the following:
EXTRA_CFLAGS += -O2 -Wall -DLINUX_26 -m64
OBJ := module_nux.o breakpoint.o buffering.o command.o disasmbak.o idt.o
OBJ += keyboard.o page.o video.o utils.o import_symb.o core_rr0d.o pci.o
MODULE := rr0d.o
obj-m := $(MODULE)
rr0d-objs := $(OBJ)
default:
make -C /lib/modules/`uname -r`/build/ SUBDIRS=`pwd` modules
clean:
rm -f *.o .*.o.cmd .*.ko.cmd *.mod.c *~
rm -rf .tmp_versions
mrproper:
make clean
rm -f *.ko
make gives a lot of warnings like warning: cast to pointer from integer of different size [-Wint-to-pointer-cast] and warning: cast from pointer to integer of different size [-Wpointer-to-int-cast], but these are probably irrelevant to the topic.
The last rows of the output of make are probably the important ones:
/home/user/code/rr0d/0.3/core_rr0d.c: In function ‘cleanup_rr0d’:
/home/user/code/rr0d/0.3/core_rr0d.c:1938:36: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
CC [M] /home/user/code/rr0d/0.3/pci.o
LD [M] /home/user/code/rr0d/0.3/rr0d.o
Building modules, stage 2.
MODPOST 1 modules
WARNING: "RING_HOOO_SEGMENT" [/home/user/code/rr0d/0.3/rr0d.ko] undefined!
CC /home/user/code/rr0d/0.3/rr0d.mod.o
LD [M] /home/user/code/rr0d/0.3/rr0d.ko
make[1]: Leaving directory `/home/user/code/kernel/linux-3.5.5'
So, RING_HOOO_SEGMENT is undefined.
When I try to insmod the module with insmod ./rr0d.ko as root, I get:
Error: could not insert module ./rr0d.ko: Unknown symbol in module
Checking with dmesg | tail -n 1 gives the following output:
[15975.412346] rr0d: Unknown symbol RING_HOOO_SEGMENT (err 0)
So, the unknown symbol definitively is RING_HOOO_SEGMENT.
RING_HOOO_SEGMENT is a constant created with #define in vars.h, that is included in several .c files with #include "vars.h".
The essential #ifdef block of vars.h with #define RING_HOOO_SEGMENT is this one:
#ifdef LINUX_26
#define fake_naked
#if defined(__GNUC__)
// the line below is the important one.
#define RING_HOOO_SEGMENT "$0x7b"
//#define RING_HOOO_SEGMENT "$0x60"
#elif defined(_MSC_VER)
#define RING_HOOO_SEGMENT 0x7b
#endif
#else /* LINUX_24 */
#define fake_naked _asm_("\t" \
"add $0x08, %esp\n\t" \
"popl %ebp\n" \
);
#if defined(__GNUC__)
#define RING_HOOO_SEGMENT "$0x18"
#elif defined(_MSC_VER)
#define RING_HOOO_SEGMENT 0x18
#endif
#define RING_HOOO_SEGMENT_VALUE 0x18
#endif /* LINUX_26 */
Obviously if #define RING_HOOO_SEGMENT "$0x7b" (in #if defined(__GNUC__) inside #ifdef LINUX_26) is commented out, the code won’t compile, so it’s clear that RING_HOOO_SEGMENT gets defined.
Grepping for RING_HOOO_SEGMENT gives the following matches:
$ grep 'RING_HOOO_SEGMENT' *.c *.o *.ko
core_rr0d.c: "movq RING_HOOO_SEGMENT, %rax\n\t"\
core_rr0d.c: __asm{ movq RING_HOOO_SEGMENT, %rax}\
Binary file rr0d.ko matches
Both core_rr0d.c rows are inline assembly. core_rr0d.c contains #include "vars.h" so that should be fine.
Also the binary module rr0d.ko matches, so it contains the string RING_HOOO_SEGMENT (in some form), even if insmod ./rr0d.ko fails with Error: could not insert module ./rr0d.ko: Unknown symbol in module.
Any ideas what might the reason for this problem and how to proceed to be able to insmod the module?
Here RING_HOOO_SEGMENT is in a string (probably part of an inline assembler block). As such, the preprocessor will not substitute
RING_HOOO_SEGMENT, and it gets passed as-is to the assembler, where the definition ofRING_HOOO_SEGMENTis not available.Fortunately,
RING_HOOO_SEGMENTis itself defined as the string"$0x7b", so we can use compile-time string concatenation:The preprocessor will substitute
RING_HOOO_SEGMENTfor"$0x7b", then GCC will concatenate these strings before passing it down to the assembler.