Until this very moment, we were only working with user-space code, writing small applications. In this part of the chapter, however, we will implement a small and very simple loadable kernel module (LKM) for Linux.

A few years ago, I was engaged in an interesting project, where the objective was to spot the data processed by certain kernel module. The project was even more challenging due to the fact that, not only did I not have access to the kernel sources, I had no access to the kernel itself, not to mention that it was not an Intel platform. All I knew was the version of the kernel in question and the name and address of the target module.

I had to go a long and interesting way until I was able to build an LKM that was capable of doing the work I needed it to do. At the end, I was able to build an LKM written in C, but I would not have been myself if I did not try to write one in Assembly. It was an unforgettable experience, I have to admit. However, once the project was completed, I decided to try to implement a simple LKM on my development machine. Since the first module was written for a different platform and for a kernel of a different version and taking into account that I decided to pretend like I had no sources for my running kernel, I had to perform almost as much research and reverse engineering, even though I was writing a module for my own system.