Syscall hijacking x64- unable to handle kernel paging request at ffffffff91000018

Greg KH greg at
Thu Oct 5 14:41:48 EDT 2017

On Thu, Oct 05, 2017 at 08:04:12PM +0200, Wiktoria Lewicka wrote:
> I write kernel module which replace syscall  and have a problem.
> Module can't be loaded because is some problem in memory. I tried fix
> it for 3 hours, but it still not work. This code is working, when I
> choose memory closer sys_call_table (eg. int3 adress from
> /proc/kallsyms), but it isn't always works. Problem is usually, when
> function which search syscall table points to adress which end is 18
> (eg ffffffff91000018, ffffffff81000018). Why its not work? I know, I
> shouldn't do this, but I would like to fix this code for experience in
> kernel memory.

If you know you shouldn't be doing this, then you know why this doesn't
work, and why no one will help you.

Sorry, don't do this, it's not working for a good reason :)

good luck!

greg k-h

More information about the Kernelnewbies mailing list