Read address value from kernel using /dev/kmem


Problem description

Trying to read kernel address value (task_struct)

Wrote this code:

#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define addr 0xe6d63a80

extern int errno;

int main()
{
        int i;
        unsigned char *kmem;
        unsigned char val;

        int fd = open("/dev/kmem",O_RDWR|O_SYNC);
        if(fd < 0)
        {
                printf("Can't open /dev/kmem\n");
                return 1;
        }
        kmem = (unsigned char *) mmap(0, getpagesize(), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0xe6d63000);
        if(kmem == NULL)
        {
                printf("Can't mmap\n");
                return 1;
        }
        else
                printf("kmem=%p\n",kmem);


        return 0;
}

But it produces:

kmem=0xffffffff

Which does not look like a valid pointer to values of memory.

How to read content of kernel memory? In this case: 0xe6d63a80. I know task_struct is there, since I verified it with the debugger.

Thanks

Recommended answer

That is mmap returning -1. You've assigned the value and are printing it as unsigned, though, so that is why you are seeing 0xffffffff. You should check for mmap returning an error and then check errno for the cause.

    kmem = (unsigned char *) mmap(0, getpagesize(), PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0xe6d63000);
    if (kmem == MAP_FAILED) {
        perror("Error mapping memory");
        return -1;
    }

See the man page.
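The check from the answer, carried through a complete read, as an added example that is not part of the original question or answer. The helper name read_byte_at is hypothetical; it maps read-only (O_RDONLY, PROT_READ) instead of the question's O_RDWR, aligns the mmap offset down to a page boundary, and returns the negative errno when open or mmap fails.

```c
#define _FILE_OFFSET_BITS 64   /* keep off_t 64-bit on 32-bit builds */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read one byte at offset `addr` of `path` through a
 * read-only mapping. Returns 0 and stores the byte in *out, or -errno. */
int read_byte_at(const char *path, unsigned long long addr, unsigned char *out)
{
    unsigned long long page = (unsigned long long)sysconf(_SC_PAGESIZE);
    unsigned long long mask = page - 1;
    off_t base = (off_t)(addr & ~mask);    /* mmap offset must be page-aligned */
    size_t in_page = (size_t)(addr & mask);
    int fd, err;
    void *map;

    fd = open(path, O_RDONLY);             /* reading does not need O_RDWR */
    if (fd < 0)
        return -errno;

    map = mmap(NULL, (size_t)page, PROT_READ, MAP_SHARED, fd, base);
    err = errno;                           /* save before close() can change it */
    close(fd);                             /* a mapping outlives its descriptor */
    if (map == MAP_FAILED)                 /* (void *)-1, never NULL */
        return -err;

    *out = ((unsigned char *)map)[in_page];
    munmap(map, (size_t)page);
    return 0;
}

int main(int argc, char **argv)
{
    unsigned char val;
    /* Defaults are the device and address from the question. */
    const char *path = argc > 1 ? argv[1] : "/dev/kmem";
    int rc = read_byte_at(path, 0xe6d63a80ULL, &val);

    if (rc < 0) {
        errno = -rc;
        perror("read_byte_at");
        return 1;
    }
    printf("byte at 0xe6d63a80 = 0x%02x\n", val);
    return 0;
}
```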
