Will all kernel functions be loaded into memory, in the same address space with kernel modules?
Yue Chen
ycyc321 at gmail.com
Tue Jan 27 05:22:31 UTC 2015
My purpose is to modify kernel function instructions directly through
memory at runtime.
First I use "objdump -S kernel" to see the function names and their
addresses. And then I use pointers to peek into the content at certain
function address area (.text segment). However, their content is different
from the result from "objdump -S kernel". I use a FreeBSD 10.1 kernel,
which has no ASLR supported as I know.
Is it because that the kernel function addresses are relocated? Or some
kernel functions are not loaded into memory? Or is it not suitable to peek
kernel ".text" content from a kernel module?
I only "objdump -S" the built "kernel" with debug symbols, not ".ko" files.
More information about the freebsd-hackers
mailing list