Date: Tue, 27 Jan 2015 00:21:58 -0500 From: Yue Chen <ycyc321@gmail.com> To: freebsd-hackers@freebsd.org, freebsd-current@freebsd.org Subject: Will all kernel functions be loaded into memory, in the same address space with kernel modules? Message-ID: <CAKtBrB4NJw-0ydw2KPq%2BxkjNm4N51e9zkV2Htq3P5cdUj5Jw1Q@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
My purpose is to modify kernel function instructions directly through memory at runtime. First I use "objdump -S kernel" to see the function names and their addresses. And then I use pointers to peek into the content at certain function address area (.text segment). However, their content is different from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel, which has no ASLR supported as I know. Is it because that the kernel function addresses are relocated? Or some kernel functions are not loaded into memory? Or is it not suitable to peek kernel ".text" content from a kernel module? I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKtBrB4NJw-0ydw2KPq%2BxkjNm4N51e9zkV2Htq3P5cdUj5Jw1Q>