“FreeBSD 7.0 has already been released. If you are a real hacker, the best way to jump in and learn it is hacking together an introductory kernel module. In this article I’ll implement a very basic module that prints a message when it is loaded, and another when it is unloaded. I’ll also cover the mechanics of compiling our module using standard tools and rebuilding the stock FreeBSD kernel. Let’s do it!”
First of all, I’d like to state that the article was interesting to me and it was written in an understandable way. I’m a (nearly) fulltime FreeBSD user, so some minor revisions came into my mind when I read the article. Here they are:
The mentioned command sequence
cd /usr/src/sys/amd64
cp GENERIC CUSTOM
won’t work. The author writes “If you are on an x86 based machine, the kernel is located in the /usr/src/sys/i386 directory. […] The kernel configuration file is located in a directory called conf.” correctly, but misses to add the conf subdirectory to his commands. They should be:
# cd /usr/src/sys/amd64/conf
# cp GENERIC CUSTOM
For the AMD64 arch, /usr/src/sys/amd64/conf would be the correct path.
You can shorten the path, too, because there’s a symlink /sys pointing at /usr/src/sys, so /sys/i386/conf is a valid cd parameter.
Side note: The author states that these procedures work fine with the 7.0-RELEASE kernel (stock kernel); be sure to build kernel and world if you updated your sources before, because kernel and world should be the same version (e. g. 7.0-RELEASE-p1).
If you want to read up some more about this topic, don’t miss the high quality FreeBSD handbook: http://www.freebsd.org/doc/en/books/handbook/kernelconfig.html – the author mentions this source, too.
An interesting starting point, after all. I’m still thinking about writing a KLD module to read from a Sun type 5 keyboard attached to the serial port… say hello world to /dev/skbd0.
excellent. now go write about newbus.
Nice! Code contains a syntax error though
switch event –> switch (event)
A great book to learn more about this topic is:
Designing BSD Rootkits
An Introduction to Kernel Hacking
by Joseph Kong
April 2007, 142 pp.
ISBN-10 1-59327-142-5
ISBN-13 978-1-59327-142-8
the only problem is that this book is based on FreeBSD 6.x
Precisely why lkm are turned off on my secure servers.
Why isn’t there more articles like this?
An updated version of: The Design and Implementation of the FreeBSD Operating System ?
Interesting readings are so few and far between nowadays .. in the internet times .. when interesting readings should abound … it’s such a shame given all the chances we have now and that other only dreamt of …
A very good read!
I was wondering about the exact thing that the article mentioned (how to enable the ULE scheduler in FreeBSD 7.0). Really good to see this article which gives a good description of how to do that (and many thanks to Doc Pain for his revisions too).
Edited 2008-05-26 07:33 UTC