How to access an entry from a void pointer?

Question

I want to cast this as a pointer to be able to access the third entry from it. so I used sscanf to convert the string into hex pointer.

The problem is whenever I do s_c_t_addr[2], I get an error "invalid use of void expression". Any hints on what might be the cause of this problem? should I change the type from void*? if yes, what should be the new type?

I am still a beginner, so go easy on me

Answer 1

The correct type for sys_call_table depends on the architecture. On x86 is sys_call_ptr_t *, since it's an array of function pointers, on ARM64 it's syscall_fn_t **. You can declare it like this:

sys_call_ptr_t *sys_call_table;

In any case, it should be fine even if declared as void **:

void **sys_call_table;

Then, since you are writing a kernel module, there's no need to complicate your life by reading and parsing the contents of System.map, you can use kallsym_lookup_name() (including linux/kallsym.h). This will also work with KASLR enabled.

sys_call_table = (sys_call_ptr_t)kallsyms_lookup_name("sys_call_table");

In your case, it should be:

sys_call_ptr_t *sys_call_table;
char *sys_call_table_addr;
unsigned long ul;

// ...

sscanf(sys_call_table_addr, "%lx", &ul);
sys_call_table = (sys_call_ptr_t *)ul;

Finally, you can obtain the address of fork just like you are doing, but on the right variable (not char *), and remember that it is a pointer, and therefore the correct format specifier is %px if you want to print the real address (or %p if you want to print a hashed address, see this documentation page for more details).

printk(KERN_INFO "fork address: %px\n", sys_call_table[__NR_fork]);