Will all kernel functions be loaded into memory, in the same address space with kernel modules?
Oliver Pinter
oliver.pinter at hardenedbsd.org
Tue Jan 27 13:14:30 UTC 2015
On Tue, Jan 27, 2015 at 6:21 AM, Yue Chen <ycyc321 at gmail.com> wrote:
> My purpose is to modify kernel function instructions directly through
> memory at runtime.
>
> First I use "objdump -S kernel" to see the function names and their
> addresses. And then I use pointers to peek into the content at certain
> function address area (.text segment). However, their content is different
> from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel,
> which has no ASLR supported as I know.
>
> Is it because that the kernel function addresses are relocated? Or some
> kernel functions are not loaded into memory? Or is it not suitable to peek
> kernel ".text" content from a kernel module?
>
> I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files.
Take a look at this branch:
https://github.com/HardenedBSD/hardenedBSD/tree/hardened/current/intel-smap
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
More information about the freebsd-current
mailing list