From owner-freebsd-hackers@FreeBSD.ORG Tue Jan 27 05:22:31 2015 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8571F589; Tue, 27 Jan 2015 05:22:31 +0000 (UTC) Received: from mail-lb0-x234.google.com (mail-lb0-x234.google.com [IPv6:2a00:1450:4010:c04::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1F1B5E06; Tue, 27 Jan 2015 05:22:31 +0000 (UTC) Received: by mail-lb0-f180.google.com with SMTP id b6so11168496lbj.11; Mon, 26 Jan 2015 21:22:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=KNZXOT/St4qZagbNNgrGIex6F3mOnlXw8ET0tpAgPXk=; b=yhBdmMA1QGnb+3REtx72YGybYA8cG0GbISsk8gUOnV/kavwEM7LXrR5MgD07kqgtWH 6z+4DtEjTRqhxjArXKenYbHlfx6E1ME7K7IX+kKRotApCZFhjU9xDtKgZFShMGuPsRuP Z4xYtoxFfah1YynHlYU+IFeT5xwNdVFrHrmaz3FvylGiHVnyO9v6xNyiEVltJbqvH4D4 wrgM7n27a1jEo0upluFLaLHcmTlY7bO+ofTtdw6vMTJVQoRLmPQsmOnBQ35evYTZMxt7 Y0d2zzFyVm2xO2X0hMLzWnE+QxUuKKVI56TElBfX8/XrqdWbZsgojc5l+bKVVThY8SZp At/w== X-Received: by 10.152.161.168 with SMTP id xt8mr1931331lab.35.1422336148896; Mon, 26 Jan 2015 21:22:28 -0800 (PST) MIME-Version: 1.0 Received: by 10.25.12.6 with HTTP; Mon, 26 Jan 2015 21:21:58 -0800 (PST) From: Yue Chen Date: Tue, 27 Jan 2015 00:21:58 -0500 Message-ID: Subject: Will all kernel functions be loaded into memory, in the same address space with kernel modules? To: freebsd-hackers@freebsd.org, freebsd-current@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Jan 2015 05:22:31 -0000 My purpose is to modify kernel function instructions directly through memory at runtime. First I use "objdump -S kernel" to see the function names and their addresses. And then I use pointers to peek into the content at certain function address area (.text segment). However, their content is different from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel, which has no ASLR supported as I know. Is it because that the kernel function addresses are relocated? Or some kernel functions are not loaded into memory? Or is it not suitable to peek kernel ".text" content from a kernel module? I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files.