v0.5.0: kpm support, and su support, and some fix ...

.clang-format

@@ -19,7 +19,7 @@ AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: false
 AllowShortCaseLabelsOnASingleLine: false
 AllowShortFunctionsOnASingleLine: false
-AllowShortIfStatementsOnASingleLine: false
+AllowShortIfStatementsOnASingleLine: true
 AllowShortLoopsOnASingleLine: false
 AlwaysBreakAfterDefinitionReturnType: None
 AlwaysBreakAfterReturnType: None
@@ -53,7 +53,7 @@ BreakAfterJavaFieldAnnotations: false
 BreakStringLiterals: false
 BreakBeforeSemicolons: None
 ColumnLimit: 120
-CommentPragmas: '^ IWYU pragma:'
+CommentPragmas: "^ IWYU pragma:"
 CompactNamespaces: false
 ConstructorInitializerAllOnOneLineOrOnePerLine: false
 ConstructorInitializerIndentWidth: 4
@@ -66,18 +66,18 @@ FixNamespaceComments: false
 
 IncludeBlocks: Preserve
 IncludeCategories:
-  - Regex: '.*'
+  - Regex: ".*"
     Priority: 1
-IncludeIsMainRegex: '(Test)?$'
+IncludeIsMainRegex: "(Test)?$"
 IndentCaseLabels: false
 IndentPPDirectives: None
 IndentWidth: 4
 IndentWrappedFunctionNames: false
 JavaScriptQuotes: Leave
 JavaScriptWrapImports: true
 KeepEmptyLinesAtTheStartOfBlocks: false
-MacroBlockBegin: ''
-MacroBlockEnd: ''
+MacroBlockBegin: ""
+MacroBlockEnd: ""
 MaxEmptyLinesToKeep: 1
 NamespaceIndentation: None
 ObjCBinPackProtocolList: Auto
@@ -116,4 +116,3 @@ Standard: Cpp11
 TabWidth: 4
 UseTab: Never
 UseCRLF: false
-...

.github/workflows/build.yml

@@ -2,13 +2,13 @@ name: Build CI
 
 on:
   push:
-    branches: [ "main" ]
+    branches: ["main"]
   pull_request:
-    branches: [ "main" ]
+    branches: ["main"]
 
 jobs:
   Build-kpimg:
-    runs-on:  ubuntu-latest
+    runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
@@ -28,20 +28,30 @@ jobs:
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
       - name: Install Compiler
         run: |
-            curl -o arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf.tar.xz https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf.tar.xz
-            tar -Jxf arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf.tar.xz
+          curl -o arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf.tar.xz https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf.tar.xz
+          tar -Jxf arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf.tar.xz
       - name: Build kpimg
         run: |
           export TARGET_COMPILE=`pwd`/arm-gnu-toolchain-12.2.rel1-x86_64-aarch64-none-elf/bin/aarch64-none-elf-
           cd kernel
           make
           mv kpimg kpimg-${{ steps.parse_version.outputs.VERSION }}
+          mv kpimg.elf kpimg.elf-${{ steps.parse_version.outputs.VERSION }}
           make clean
           export ANDROID=1
           make
-          unset ANDROID
           mv kpimg kpimg-android-${{ steps.parse_version.outputs.VERSION }}
-          
+          mv kpimg.elf kpimg.elf-android-${{ steps.parse_version.outputs.VERSION }}
+          unset ANDROID
+
+      - name: Upload elf
+        uses: actions/upload-artifact@v3
+        with:
+          path: |
+            kernel/kpimg.elf-${{ steps.parse_version.outputs.VERSION }}
+            kernel/kpimg.elf-android-${{ steps.parse_version.outputs.VERSION }}
+          name: kpimg.elf
+
       - name: Release
         uses: ncipollo/[email protected]
         with:
@@ -55,7 +65,7 @@ jobs:
           replacesArtifacts: true
 
   Release-lib:
-    runs-on:  ubuntu-latest
+    runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
@@ -79,7 +89,7 @@ jobs:
           cd ..
           zip -r kpuser.zip user
           mv kpuser.zip kpuser-src-${{ steps.parse_version.outputs.VERSION }}.zip
-          
+
       - name: Release
         uses: ncipollo/[email protected]
         with:
@@ -91,7 +101,7 @@ jobs:
           replacesArtifacts: true
 
   Build-android:
-    runs-on:  ubuntu-latest
+    runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
@@ -109,7 +119,7 @@ jobs:
           VERSION="$MAJOR.$MINOR.$PATCH"
           echo "Generated Version: $VERSION"
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-          
+
           TOOLS_MAJOR=$(grep '#define MAJOR' tools/version | awk '{print $3}')
           TOOLS_MINOR=$(grep '#define MINOR' tools/version | awk '{print $3}')
           TOOLS_PATCH=$(grep '#define PATCH' tools/version | awk '{print $3}')
@@ -128,7 +138,7 @@ jobs:
           export TARGET_COMPILE=placeholder
           cd kernel
           make hdr
-          
+
       - name: Build kpatch-android
         run: |
           cd user
@@ -156,7 +166,7 @@ jobs:
             -DANDROID_ABI=arm64-v8a ../..
           cmake --build .
           mv kptools kptools-android-${{ steps.parse_version.outputs.TOOLS_VERSION }}
-          
+
       - name: Release
         uses: ncipollo/[email protected]
         with:
@@ -184,7 +194,7 @@ jobs:
           VERSION="$MAJOR.$MINOR.$PATCH"
           echo "Generated Version: $VERSION"
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-          
+
           TOOLS_MAJOR=$(grep '#define MAJOR' tools/version | awk '{print $3}')
           TOOLS_MINOR=$(grep '#define MINOR' tools/version | awk '{print $3}')
           TOOLS_PATCH=$(grep '#define PATCH' tools/version | awk '{print $3}')
@@ -206,7 +216,7 @@ jobs:
           make
           mv kptools kptools-linux-${{ steps.parse_version.outputs.TOOLS_VERSION }}
 
-      - name: Release 
+      - name: Release
         uses: ncipollo/[email protected]
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
@@ -232,14 +242,14 @@ jobs:
           VERSION="$MAJOR.$MINOR.$PATCH"
           echo "Generated Version: $VERSION"
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
-          
+
           TOOLS_MAJOR=$(grep '#define MAJOR' tools/version | awk '{print $3}')
           TOOLS_MINOR=$(grep '#define MINOR' tools/version | awk '{print $3}')
           TOOLS_PATCH=$(grep '#define PATCH' tools/version | awk '{print $3}')
           TOOLS_VERSION="$TOOLS_MAJOR.$TOOLS_MINOR.$TOOLS_PATCH"
           echo "Generated Tools Version: $TOOLS_VERSION"
           echo "TOOLS_VERSION=$TOOLS_VERSION" >> $GITHUB_OUTPUT
-          
+
       - name: Make hdr
         run: |
           export TARGET_COMPILE=placeholder
@@ -253,12 +263,12 @@ jobs:
           cmake ..
           make
           mv kptools kptools-mac-${{ steps.parse_version.outputs.TOOLS_VERSION }}
-      - name: Release 
+      - name: Release
         uses: ncipollo/[email protected]
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ steps.parse_version.outputs.VERSION }}
           artifacts: |
             tools/build/kptools-mac-${{ steps.parse_version.outputs.TOOLS_VERSION }}
           allowUpdates: true
-          replacesArtifacts: true
+          replacesArtifacts: true

.gitignore

@@ -4,5 +4,6 @@
 **/.DS_Store
 
 build
+
 test
 .test

README.md

@@ -2,6 +2,15 @@
 
 **Patching and hooking the Linux kernel with only stripped Linux kernel image.**
 
+``` shell
+ _  __                    _ ____       _       _     
+| |/ /___ _ __ _ __   ___| |  _ \ __ _| |_ ___| |__  
+| ' // _ \ '__| '_ \ / _ \ | |_) / _` | __/ __| '_ \ 
+| . \  __/ |  | | | |  __/ |  __/ (_| | || (__| | | |
+|_|\_\___|_|  |_| |_|\___|_|_|   \__,_|\__\___|_| |_|
+
+```
+
 If you are using Android, [AndroidKernelPatch](https://github.com/bmax121/AndroidKernelPatch) would be a better choice.
 
 **English** | [简体中文](README_zh-CN.md)
@@ -10,13 +19,11 @@ KernelPatch provides the fundamental capability to parse Linux kernel images wit
 Building upon this foundation, KernelPatch offers essential features such as system-call-hook and inline-hook in the kernel.  
 You have complete control over the kernel, allowing you to implement desired functionalities such as privilege escalation, hiding, monitoring, and more.  
 
-**KernelPatch is intended solely for learning and communication purposes. It is strictly prohibited from being used for any illegal activities.**
-
 ## Supported Versions
 
 Currently only supports arm64 architecture.  
 
-Linux 3.8 - 6.2 (theoretically)  
+Linux 3.18 - 6.2 (theoretically)  
 Linux 6.3+ (not yet adapted)  
 
 ## Get Help
@@ -33,7 +40,6 @@ Linux 6.3+ (not yet adapted)
 
 - [vmlinux-to-elf](https://github.com/marin-m/vmlinux-to-elf): Some ideas for parsing kernel symbols.
 - [android-inline-hook](https://github.com/bytedance/android-inline-hook): Some code for fixing arm64 inline hook instructions.
-- [https://elixir.bootlin.com](https://elixir.bootlin.com/linux/v6.2.16/C/ident/): Linux source code online.
 
 ## License
 

README_zh-CN.md

@@ -2,19 +2,26 @@
 
 **Patching and hooking the Linux kernel with only stripped Linux kernel image.**
 
+``` shell
+ _  __                    _ ____       _       _     
+| |/ /___ _ __ _ __   ___| |  _ \ __ _| |_ ___| |__  
+| ' // _ \ '__| '_ \ / _ \ | |_) / _` | __/ __| '_ \ 
+| . \  __/ |  | | | |  __/ |  __/ (_| | || (__| | | |
+|_|\_\___|_|  |_| |_|\___|_|_|   \__,_|\__\___|_| |_|
+
+```
+
 如果你在使用 Android，[AndroidKernelPatch](https://github.com/bmax121/AndroidKernelPatch) 会是更好的选择。
 
 KernelPatch 提供可以在无源码无符号情况下解析Linux内核镜像，获取任意符号偏移，并向内核中注入任意代码的基础能力。  
 在此基础上，KernelPatch 还提供了系统调用 hook，内核 inline-hook 等基础功能。  
 你可以完全的掌控内核，实现你想要的功能，比如提权，隐藏，监控等等。  
 
-**KernelPatch 仅供学习交流。严禁用于任何非法用途。**
-
 ## 支持情况
 
 当前只支持 arm64
 
-Linux 3.8 - 6.2 (理论上)  
+Linux 3.18 - 6.2 (理论上)  
 Linux 6.3+ (暂未适配)  
 
 ## 获取帮助
@@ -31,7 +38,6 @@ Linux 6.3+ (暂未适配)
 
 - [vmlinux-to-elf](https://github.com/marin-m/vmlinux-to-elf): 参考学习了解析内核符号的思路
 - [android-inline-hook](https://github.com/bytedance/android-inline-hook): 用了 arm64 inline hook 指令修复的代码
-- [linux source code online](https://elixir.bootlin.com/linux/v6.2.16/C/ident/): 内核源码在线
 
 ## 许可证
 

doc/en/module.md

@@ -1 +1,5 @@
 # KernelPatch Module
+
+todo 
+
+[demo here](/kpm-demo/)

doc/zh-cn/module.md

@@ -1 +1,5 @@
 # KernelPatch Module
+
+todo 
+
+[demo here](/kpm-demo/)

kernel/.gitignore

@@ -16,7 +16,7 @@
 *.bin
 *.elf
 
-# 
+# kernel patch module
 *.kpm
 
 kpimg

kernel/Makefile

@@ -1,5 +1,5 @@
 ifndef TARGET_COMPILE
-    $(error TARGET_COMPILE is not set)
+    $(error TARGET_COMPILE not set)
 endif
 
 TARGET=kpimg
@@ -24,23 +24,23 @@ INCLUDE := -I. -Iinclude -Ipatch/include -Ilinux -Ilinux/include -Ilinux/arch/ar
 
 BASE_SRCS += base/setup.c 
 BASE_SRCS += base/setup1.S
+BASE_SRCS += base/cache.S
+BASE_SRCS += base/tlsf.c
 BASE_SRCS += base/start.c 
 BASE_SRCS += base/map.c 
+BASE_SRCS += base/map1.S 
 BASE_SRCS += base/hook.c 
+BASE_SRCS += base/fphook.c 
 BASE_SRCS += base/hmem.c 
 BASE_SRCS += base/predata.c 
 BASE_SRCS += base/symbol.c 
 
 BASE_SRCS += $(wildcard minc/*.c)
 
-BASE_SRCS += $(wildcard module/*.c)
-
 BASE_SRCS += $(wildcard patch/*.c)
-BASE_SRCS += $(wildcard patch/accctl/*.c)
-BASE_SRCS += $(wildcard patch/extend/*.c)
+BASE_SRCS += $(wildcard patch/common/*.c)
+BASE_SRCS += $(wildcard patch/module/*.c)
 BASE_SRCS += $(wildcard patch/ksyms/*.c)
-BASE_SRCS += $(wildcard patch/struct/*.c)
-BASE_SRCS += $(wildcard patch/debug/*.c)
 
 ifdef ANDROID
 	BASE_SRCS += $(wildcard patch/android/*.c)
@@ -66,10 +66,11 @@ ${TARGET}.elf: ${OBJS}
 %.o: %.S
 	${CC} $(CFLAGS) $(INCLUDE) -c -o $@ $<
 
+.PHONY: hdr
 hdr:
 	cp -r patch/include/uapi ../user
 	cp version ../user
-	cp base/preset.h ../tools
+	cp include/preset.h ../tools
 
 .PHONY: clean
 clean: