Date: Tue, 27 Jan 2015 14:14:28 +0100
Subject: Re: Will all kernel functions be loaded into memory, in the same address space with kernel modules?
From: Oliver Pinter
To: Yue Chen
Cc: "freebsd-hackers@freebsd.org", FreeBSD-Current

On Tue, Jan 27, 2015 at 6:21 AM, Yue Chen wrote:
> My purpose is to modify kernel function instructions directly through
> memory at runtime.
>
> First I use "objdump -S kernel" to see the function names and their
> addresses. And then I use pointers to peek into the content at certain
> function address area (.text segment). However, their content is different
> from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel,
> which has no ASLR supported as I know.
>
> Is it because that the kernel function addresses are relocated? Or some
> kernel functions are not loaded into memory? Or is it not suitable to peek
> kernel ".text" content from a kernel module?
>
> I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files.

Take a look at this branch:
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/intel-smap