Date: Tue, 27 Jan 2015 14:14:28 +0100
From: Oliver Pinter <oliver.pinter@hardenedbsd.org>
To: Yue Chen <ycyc321@gmail.com>
Cc: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>, FreeBSD-Current <freebsd-current@freebsd.org>
Subject: Re: Will all kernel functions be loaded into memory, in the same address space with kernel modules?
Message-ID: <CAPQ4fftDz=6_7E%2Bsjz967arXHkq0LQT1PhRBG_%2BSgetdbjgoRw@mail.gmail.com>
In-Reply-To: <CAKtBrB4NJw-0ydw2KPq%2BxkjNm4N51e9zkV2Htq3P5cdUj5Jw1Q@mail.gmail.com>
References: <CAKtBrB4NJw-0ydw2KPq%2BxkjNm4N51e9zkV2Htq3P5cdUj5Jw1Q@mail.gmail.com>

On Tue, Jan 27, 2015 at 6:21 AM, Yue Chen <ycyc321@gmail.com> wrote:
> My purpose is to modify kernel function instructions directly through
> memory at runtime.
>
> First I use "objdump -S kernel" to see the function names and their
> addresses. And then I use pointers to peek into the content at certain
> function address area (.text segment). However, their content is different
> from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel,
> which has no ASLR supported as I know.
>
> Is it because that the kernel function addresses are relocated? Or some
> kernel functions are not loaded into memory? Or is it not suitable to peek
> kernel ".text" content from a kernel module?
>
> I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files.

Take a look at this branch:
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/intel-smap