![\"\"](\"http:\/\/malwrforensics.com\/en\/wp-content\/uploads\/2020\/04\/patch_native_write_cr0.png\")
<\/figure>\n\n\n\n- $ make menuconfig<\/li>
- $ make -j$(nproc)<\/li>
- $ make modules<\/li>
- $ sudo make modules_install<\/li>
- $ sudo make install<\/li><\/ul>\n\n\n\n
Happy hooking syscalls \ud83d\ude42<\/p>\n\n\n\n
Hint: cat \/proc\/kallsyms | grep sys_call_table<\/em> has the address you’re looking for.<\/p>\n","protected":false},"excerpt":{"rendered":"
If you ever want to disable the WriteProtect (WP) bit you’ll need to read\/write access to the CR0 register. The problem is that the write_cr0 function provided by the linux kernel has been tweaked to prevent this exact thing. Here are the steps you need to follow to compile a new kernel and have the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[53,1],"tags":[127,118,121,114,123,120,15,115,116,119,122],"class_list":["post-331","post","type-post","status-publish","format-standard","hentry","category-linux","category-security","tag-centos","tag-compile-linux-kernel","tag-cr-pinning","tag-cr0-register","tag-kallsyms","tag-sys_call_table","tag-ubuntu","tag-wp-bit","tag-write-protect","tag-write_cr0","tag-x86_cr0_wp"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"featured_image_urls_v2":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":""},"post_excerpt_stackable_v2":"
If you ever want to disable the WriteProtect (WP) bit you’ll need to read\/write access to the CR0 register. The problem is that the write_cr0 function provided by the linux kernel has been tweaked to prevent this exact thing. Here are the steps you need to follow to compile a new kernel and have the changed removed: Go to https:\/\/www.kernel.org\/ and download the latest stable version.$ unxz -v linux-<version>.tar.xz$ tar xvf linux-<version>.tar$ cd linux-<version>$ cp -v \/boot\/config-$(uname -r) .configUbuntu: $ sudo apt-get build-dep linux linux-image-$(uname -r) && apt-get install build-essential libncurses-dev flex bison openssl libssl-dev dkms libelf-dev libudev-dev libpci-dev libiberty-dev…<\/p>\n","category_list_v2":"Linux+<\/a>, Security<\/a>","author_info_v2":{"name":"malwrforensics","url":"https:\/\/malwrforensics.com\/en\/author\/u_malwrforensics\/"},"comments_num_v2":"0 comments","_links":{"self":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/comments?post=331"}],"version-history":[{"count":13,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/331\/revisions"}],"predecessor-version":[{"id":353,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/posts\/331\/revisions\/353"}],"wp:attachment":[{"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/media?parent=331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/categories?post=331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwrforensics.com\/en\/wp-json\/wp\/v2\/tags?post=331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}