I am trying to override the kill command In my module by replacing the pointer stored in sys_call_table, to a pointer to function i implemented.
I used the kallsyms_lookup_name() syscall to get the address of the table, and lookup_address() to get the address of the page.
now, my problem is the kernel protecting the page with r/w flag.
So, given a virtual page address, is there a way to modify the r/w flag?
Do you need this?
https://elixir.bootlin.com/linux/v4.3/source/arch/arm/mm/pageattr.c#L68\
At least, you can change your memory attribute for kernel module. Also, you can change your kernel text memory attribute as well.
As far as I tested, if we try to write ro memory in the kernel module, MMU will generate exception and you will see "invalid virtual memory" access.
You have to pass virtual memory address.