Read address value from kernel using /dev/kmem
Problem description
Trying to read kernel address value (task_struct)
I wrote this code:
#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define addr 0xe6d63a80
extern int errno;
int main()
{
    int i;
    unsigned char *kmem;
    unsigned char val;
    int fd = open("/dev/kmem",O_RDWR|O_SYNC);
    if(fd < 0)
    {
        printf("Can't open /dev/kmem\n");
        return 1;
    }
    kmem = (unsigned char *) mmap(0, getpagesize(), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0xe6d63000);
    if(kmem == NULL)
    {
        printf("Can't mmap\n");
        return 1;
    }
    else
        printf("kmem=%p\n",kmem);
    return 0;
}
But it produces:
kmem=0xffffffff
Which does not look like a valid pointer to values of memory.
How to read content of kernel memory? In this case: 0xe6d63a80. I know task_struct is there, since I verified it with the debugger.
Thanks
Recommended answer
That is mmap returning -1. You've assigned the value and are printing it as unsigned, though, so that is why you are seeing 0xffffffff. You should check for mmap returning an error and then check errno for the cause.
kmem = (unsigned char *) mmap(0, getpagesize(), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0xe6d63000);
if (kmem == MAP_FAILED) {
    perror("Error mapping memory");
    return -1;
}
See the man page.
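The check from the answer carried through a complete read, as an added example that is not part of the original question or answer: the helper name `read_byte_at` is hypothetical, the mapping is read-only since inspection needs no write access, and the address is the one from the question.

```c
#define _FILE_OFFSET_BITS 64  /* keep off_t 64-bit on 32-bit builds so high addresses fit */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read one byte at `addr` from `path` via a read-only mapping.
 * Returns 0 on success, or -1 with *err set to the errno of the call that failed. */
int read_byte_at(const char *path, off_t addr, unsigned char *out, int *err)
{
    long page = sysconf(_SC_PAGESIZE);
    off_t base = addr & ~((off_t)page - 1);   /* mmap offsets must be page-aligned */
    size_t in_page = (size_t)(addr - base);   /* position of addr inside that page */

    int fd = open(path, O_RDONLY);
    if (fd < 0) { *err = errno; return -1; }

    void *map = mmap(NULL, (size_t)page, PROT_READ, MAP_SHARED, fd, base);
    if (map == MAP_FAILED) {                  /* failure is (void *)-1, never NULL */
        *err = errno;                         /* save errno before close() can change it */
        close(fd);
        return -1;
    }
    *out = ((unsigned char *)map)[in_page];
    munmap(map, (size_t)page);
    close(fd);
    *err = 0;
    return 0;
}

int main(int argc, char **argv)
{
    /* Path defaults to /dev/kmem; any mappable file can be passed for a dry run. */
    const char *path = argc > 1 ? argv[1] : "/dev/kmem";
    unsigned char val;
    int err;

    if (read_byte_at(path, (off_t)0xe6d63a80, &val, &err) != 0) {
        fprintf(stderr, "%s: %s\n", path, strerror(err));
        return 1;
    }
    printf("byte at 0xe6d63a80 = 0x%02x\n", val);
    return 0;
}
```

When the open or the mapping is refused, the printed errno string gives the cause instead of a bogus pointer value.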