访问在Linux 2.6.x的任何存储位置 [英] Accessing any memory locations under Linux 2.6.x
问题描述
我使用的是x86机器上的Slackware 12.2。我试图调试/倾倒的内存特定部分弄清楚的事情。不幸的是我对Linux内核的知识是相当有限的,以我所需要的编程/渗透测试。
I'm using Slackware 12.2 on an x86 machine. I'm trying to debug/figure out things by dumping specific parts of memory. Unfortunately my knowledge on the Linux kernel is quite limited to what I need for programming/pentesting.
因此,这里是我的问题:有没有访问任何一点在内存中的方法吗?我试图用一个字符指针,这样做,这样它只会是一个字节长。然而,程序崩溃和在大自然吐出来了一句:不能访问内存位置。现在我指着00000000哪个位置所在的系统存储它的中断向量(除非改变),这应该不是真的事
So here's my question: Is there a way to access any point in memory? I tried doing this with a char pointer so that It would only be a byte long. However the program crashed and spat out something in that nature of: "can't access memory location". Now I was pointing at the 0x00000000 location which where the system stores it's interrupt vectors (unless that changed), which shouldn't matter really.
现在我的理解是内核将分配内存(数据,栈,堆等)的程序,而且程序将无法去其他地方。所以我想用NASM告诉CPU直接去获取我需要什么,但我不能确定,将工作(我需要弄清楚如何MASM转化为NASM)的。
Now my understanding is the kernel will allocate memory (data, stack, heap, etc) to a program and that program will not be able to go anywhere else. So I was thinking of using NASM to tell the CPU to go directly fetch what I need but I'm unsure if that would work (and I would need to figure out how to translate MASM to NASM).
好吧,那么有我的长篇大论的独白。从本质上讲我的问题是:难道有办法做到这一点
Alright, well there's my long winded monologue. Essentially my question is: "Is there a way to achieve this?".
反正...
推荐答案
如果你的程序在用户模式下运行,那么你的程序内存之外内存将无法访问,通过不择手段。使用ASM不会帮助,也不会对任何其他方法。这是根本不可能的,并且是任何操作系统的核心安全/稳定功能,在保护模式下运行(即所有的人,在过去的20年以上)。 下面是Linux内核的内存管理的简要概述。
If your program is running in user-mode, then memory outside of your process memory won't be accessible, by hook or by crook. Using asm will not help, nor will any other method. This is simply impossible, and is a core security/stability feature of any OS that runs in protected mode (i.e. all of them, for the past 20+ years). Here's a brief overview of Linux kernel memory management.
您可以探索的全部的计算机中的内存空间是使用内核调试器,这将允许您访问任何物理地址的唯一途径。然而,即使是不会让你看的每一个记忆的过程的在同一时间,因为有些进程将被换出主内存。此外,即使在内核模式中,物理地址不一定相同的过程可见的地址。
The only way you can explore the entire memory space of your computer is by using a kernel debugger, which will allow you to access any physical address. However, even that won't let you look at the memory of every process at the same time, since some processes will have been swapped out of main memory. Furthermore, even in kernel mode, physical addresses are not necessarily the same as the addresses visible to the process.
这篇关于访问在Linux 2.6.x的任何存储位置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
