问题描述
我正在编写有关低级内容的代码.我需要知道内核符号地址才能编写可靠的代码.所以我试图在Ubuntu内核3.0.19中以用户模式读取时读kallsyms.这就是在用户模式下输出的kallsyms.
i'm writing the code about low-level stuff. i need to know kernel symbol addresses to write reliable code. So im trying to read the kallsyms when im in user-mode in Ubuntu kernel-3.0.19. and that's kallsyms output in user-mode.
...00000000 r __ksymtab_prepare_kernel_cred00000000 r __kcrctab_prepare_kernel_cred00000000 r __kstrtab_prepare_kernel_cred...
...00000000 r __ksymtab_prepare_kernel_cred00000000 r __kcrctab_prepare_kernel_cred00000000 r __kstrtab_prepare_kernel_cred...
我该如何在用户模式下解决此问题.当我扎根并且一切都还可以的时候,那不是我所需要的.
how can i solve this problem in user-mode. when im root and everyting's ok but that's not what i need.
谢谢.
推荐答案
对于非root用户,/proc/kallsyms
故意显示零而不是实际地址.这样可以降低安全风险.
It is intentional that /proc/kallsyms
shows zeros instead of the real addresses for a non-root user. This lowers the security risk a bit.
有关详细信息,请参见此上游提交.另请参阅在 s_show( )在kallsyms.c 中起作用,s_show
负责在/proc/kallsyms
中提供记录.
The details are available in this upstream commit. See also how %pK
print specifier is used in s_show() function in kallsyms.c, s_show
being responsible for providing a record in /proc/kallsyms
.
我怀疑在没有root用户的情况下仍然有可能获得符号地址.没有root权限的人也无法访问System.map
.写入/proc/sys/kernel/kptr_restrict
相同.
I doubt it is still possible to get symbol addresses somehow without being a root user. One can not access System.map
without root privileges either. Same for writing to /proc/sys/kernel/kptr_restrict
.
这篇关于在用户模式下阅读kallsyms的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!