在用户模式下阅读kallsyms [英] Reading kallsyms in user-mode

问题描述

我正在编写有关低级内容的代码.我需要知道内核符号地址才能编写可靠的代码.所以我试图在Ubuntu内核3.0.19中以用户模式读取时读kallsyms.这就是在用户模式下输出的kallsyms.

i'm writing the code about low-level stuff. i need to know kernel symbol addresses to write reliable code. So im trying to read the kallsyms when im in user-mode in Ubuntu kernel-3.0.19. and that's kallsyms output in user-mode.

... 00000000 r __ksymtab_prepare_kernel_cred 00000000 r __kcrctab_prepare_kernel_cred 00000000 r __kstrtab_prepare_kernel_cred ...

... 00000000 r __ksymtab_prepare_kernel_cred 00000000 r __kcrctab_prepare_kernel_cred 00000000 r __kstrtab_prepare_kernel_cred ...

我该如何在用户模式下解决此问题.当我扎根并且一切都还可以的时候，那不是我所需要的.

how can i solve this problem in user-mode. when im root and everyting's ok but that's not what i need.

谢谢.

推荐答案

对于非root用户，/proc/kallsyms故意显示零而不是实际地址.这样可以降低安全风险.

It is intentional that /proc/kallsyms shows zeros instead of the real addresses for a non-root user. This lowers the security risk a bit.

有关详细信息，请参见 s_show( )在kallsyms.c 中起作用，s_show负责在/proc/kallsyms中提供记录.

The details are available in this upstream commit. See also how %pK print specifier is used in s_show() function in kallsyms.c, s_show being responsible for providing a record in /proc/kallsyms.

我怀疑在没有root用户的情况下仍然有可能获得符号地址.没有root权限的人也无法访问System.map.写入/proc/sys/kernel/kptr_restrict相同.

I doubt it is still possible to get symbol addresses somehow without being a root user. One can not access System.map without root privileges either. Same for writing to /proc/sys/kernel/kptr_restrict.

这篇关于在用户模式下阅读kallsyms的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！