Whats rr0d ?

RR0D is a ring 0 debugger. It offers the possibility to debug any kind of code (kernel/user/rasta land). Its philosophy is to be OS independent. That’s why RR0D can today be installed on Linux, *BSD, Wind0ws.

How the hell does it work ?

It works fine. Thanks. Actually, the goal is to keep the code low level enough to *not* use any kernel host code. RR0D is a sort of stand-alone module that installs hooks at each important point to realize such a dream. The only part that is OS dependent is the kernel module interface.

root::qnix[0]@~ $ wget http://rr0d.droids-corp.org/rr0d_snapshot.tar.gz
root::qnix[0]@~ $ tar xzf rr0d_snapshot.tar.gz
root::qnix[0]@~ $ cd rr0d_08-02-24/0.3/

We downloaded the daily CVS shoot, unpacked it and went to rr0d_08-02-24/0.3/ folder
which most of the work will be done here.

* Configuring it

Make sure you have the kernel sourcecode at /usr/src or at least
the kernel headers Now you must configure rr0d in a file called config.h
open it and read it, its not that hard … if you need help or info
you’ll find a file called README .. read it please , and if you still having problems
contact me.

* Building it

if your using kernel 2.6* copy Makefile-26 to Makefile , then do make

root::qnix[0]@~/rr0d_08-02-24/0.3 $ cp Makefile-26 Makefile ; make

if your using other kernel’s version copy Makefile-linux to makefile, then do make

root::qnix[0]@~/rr0d_08-02-24/0.3 $ cp Makefile-linux Makefile ; make

* Installing it & Testing it

Now you’ll have a file called rr0d.ko , type

root::qnix[0]@~/rr0d_08-02-24/0.3 $ insmod rr0d.ko

Done its installed …

now we are going to test it … open a new file called hellorasta.c and write

#include <stdio.h>
int main() {
// to active rr0d
__asm("int $0x3;");
write(0, "Hello\n", 6);
return 0;
}

now compile the code run it.. thats it rr0d will get active and you’ll see something like this ^_^

as you can see this simple code
__asm(“int $0×3;”);
which wakes up rr0d :>

thats enough!!