* Read /dev/kmem failed
@ 2006-03-22 1:29 openbsd shen
2006-03-22 16:04 ` Glynn Clements
2006-03-26 17:32 ` Mikado
0 siblings, 2 replies; 4+ messages in thread
From: openbsd shen @ 2006-03-22 1:29 UTC (permalink / raw)
To: linux-c-programming

struct descriptor_idt {
    unsigned short offset_low, seg_selector;
    unsigned char reserved, flag;
    unsigned short offset_high;
};

.......

struct descriptor_idt *descriptor;
.......

fd_kmem = open("/dev/kmem", O_RDWR);
ptr_idt = get_addr_idt();
descriptor = (struct descriptor_idt *) malloc(sizeof(struct descriptor_idt));
......
readkmem(descriptor, ptr_idt + 8 * x, sizeof(struct descriptor_idt));

......

void readkmem(void *m, unsigned off, int size)
{
    int i;
    if (lseek(fd_kmem, off, SEEK_SET) != off) {
        fprintf(stderr, "Error lseek. Are you root? \n");
        exit(-1);
    }
    if ((i = read(fd_kmem, m, size)) != size) {
        fprintf(stderr, "Error read kmem, only read %d bytes\n",i);
        perror("read");
        exit(-1);
    }
}

unsigned long get_addr_idt(void)
{
    unsigned char idtr[6];
    unsigned long idt;
    __asm__ volatile ("sidt %0":"=m" (idtr));
    idt = *((unsigned long *) &idtr[2]);
    return (idt);
}
----------------------------------------------------------------------
When I run it, the output is:

Error read kmem, only read 0 bytes
read: Success

I don't know why there is a read error.
* Re: Read /dev/kmem failed
From: Glynn Clements @ 2006-03-22 16:04 UTC (permalink / raw)
To: openbsd shen; +Cc: linux-c-programming
openbsd shen wrote:
> struct descriptor_idt {
>     unsigned short offset_low, seg_selector;
>     unsigned char reserved, flag;
>     unsigned short offset_high;
> };
>
> .......
>
> struct descriptor_idt *descriptor;
> .......
>
> fd_kmem = open("/dev/kmem", O_RDWR);
> ptr_idt = get_addr_idt();
> descriptor = (struct descriptor_idt *) malloc(sizeof(struct descriptor_idt));
> ......
> readkmem(descriptor, ptr_idt + 8 * x, sizeof(struct descriptor_idt));
>
> ......
>
> void readkmem(void *m, unsigned off, int size)
> {
>     int i;
>     if (lseek(fd_kmem, off, SEEK_SET) != off) {
>         fprintf(stderr, "Error lseek. Are you root? \n");
>         exit(-1);
>     }
>     if ((i = read(fd_kmem, m, size)) != size) {
>         fprintf(stderr, "Error read kmem, only read %d bytes\n",i);
>         perror("read");
>         exit(-1);
>     }
> }
>
> unsigned long get_addr_idt(void)
> {
>     unsigned char idtr[6];
>     unsigned long idt;
>     __asm__ volatile ("sidt %0":"=m" (idtr));
>     idt = *((unsigned long *) &idtr[2]);
>     return (idt);
> }
> ----------------------------------------------------------------------
> When I run it, the output is:
>
> Error read kmem, only read 0 bytes
> read: Success
>
>
> I don't know why there is a read error.

A return value of 0 from read indicates that you are trying to read
beyond the end of the file.

In this case, it's because you are interpreting the IDT address in the
wrong address space. ptr_idt will be in the process' virtual address
space; on x86, it will be above the 3Gb mark, and your /dev/kmem
probably isn't that large (even if it was, you would be reading the
wrong data).

If you can translate it to a physical address, you can use that as an
offset into /dev/mem, but I have no idea how to perform that
translation from user-space.

--
Glynn Clements <glynn@gclements.plus.com>
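
Added example, not part of any poster's message: the reply above turns on read() returning 0, which means end of file and leaves errno untouched, so the perror() call in readkmem() prints "read: Success". The sketch below keeps the three outcomes (full read, end of file, real error) apart; read_at(), demo() and the 16-byte temporary file standing in for the device are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

enum rd_status { RD_OK, RD_EOF, RD_ERR };

/* Read exactly `size` bytes at offset `off`; *got = bytes actually read.
 * Keeps the three possible outcomes of read()/pread() apart. */
enum rd_status read_at(int fd, void *buf, size_t size, off_t off, size_t *got)
{
    *got = 0;
    while (*got < size) {
        ssize_t n = pread(fd, (char *)buf + *got, size - *got, off + (off_t)*got);
        if (n < 0) {
            if (errno == EINTR)
                continue;        /* interrupted by a signal, retry */
            return RD_ERR;       /* real failure: errno is valid here */
        }
        if (n == 0)
            return RD_EOF;       /* offset at or past the end: errno NOT set */
        *got += (size_t)n;
    }
    return RD_OK;
}

/* Constructed stand-in for the device: a 16-byte temporary file. */
enum rd_status demo(off_t off, size_t size, size_t *got)
{
    char path[] = "/tmp/read_at_XXXXXX";
    unsigned char buf[8];
    int fd;
    enum rd_status st = RD_ERR;

    *got = 0;
    if (size > sizeof buf || (fd = mkstemp(path)) < 0)
        return RD_ERR;
    unlink(path);                /* file disappears when fd is closed */
    if (write(fd, "0123456789abcdef", 16) == 16)
        st = read_at(fd, buf, size, off, got);
    close(fd);
    return st;
}

int main(void)
{
    static const char *name[] = { "ok", "end of file", "error" };
    off_t offs[] = { 0, 12, 16 };
    for (int i = 0; i < 3; i++) {
        size_t got;
        enum rd_status st = demo(offs[i], 8, &got);
        printf("offset %2ld: %s, %zu bytes\n", (long)offs[i], name[st], got);
    }
    return 0;
}
```

Only the RD_ERR case should be reported with perror() or strerror(errno); RD_EOF needs its own message saying the offset lies beyond what the file or device exposes.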
* Re: Read /dev/kmem failed
From: Mikado @ 2006-03-26 17:32 UTC (permalink / raw)
To: openbsd shen; +Cc: linux-c-programming
> struct descriptor_idt {
>     unsigned short offset_low, seg_selector;
>     unsigned char reserved, flag;
>     unsigned short offset_high;
> };
>
> .......
>
> struct descriptor_idt *descriptor;
> .......
>
> fd_kmem = open("/dev/kmem", O_RDWR);
> ptr_idt = get_addr_idt();
> descriptor = (struct descriptor_idt *) malloc(sizeof(struct descriptor_idt));
> ......
> readkmem(descriptor, ptr_idt + 8 * x, sizeof(struct descriptor_idt));
>
> ......
>
> void readkmem(void *m, unsigned off, int size)
> {
>     int i;
>     if (lseek(fd_kmem, off, SEEK_SET) != off) {
>         fprintf(stderr, "Error lseek. Are you root? \n");
>         exit(-1);
>     }
>     if ((i = read(fd_kmem, m, size)) != size) {
>         fprintf(stderr, "Error read kmem, only read %d bytes\n",i);
>         perror("read");
>         exit(-1);
>     }
> }
>
> unsigned long get_addr_idt(void)
> {
>     unsigned char idtr[6];
>     unsigned long idt;
>     __asm__ volatile ("sidt %0":"=m" (idtr));
>     idt = *((unsigned long *) &idtr[2]);
>     return (idt);
> }
> ----------------------------------------------------------------------
> When I run it, the output is:
>
> Error read kmem, only read 0 bytes
> read: Success
>
>
> I don't know why there is a read error.

finding sys_call_table, system calls' addresses and patching kernel
on-the-fly, isn't it?
* Re: Read /dev/kmem failed
From: Steve Graegert @ 2006-03-26 17:50 UTC (permalink / raw)
To: linux-c-programming
On 3/26/06, Mikado <mikado4vn@gmail.com> wrote:
> > struct descriptor_idt {
> >     unsigned short offset_low, seg_selector;
> >     unsigned char reserved, flag;
> >     unsigned short offset_high;
> > };
> >
> > .......
> >
> > struct descriptor_idt *descriptor;
> > .......
> >
> > fd_kmem = open("/dev/kmem", O_RDWR);
> > ptr_idt = get_addr_idt();
> > descriptor = (struct descriptor_idt *) malloc(sizeof(struct descriptor_idt));
> > ......
> > readkmem(descriptor, ptr_idt + 8 * x, sizeof(struct descriptor_idt));
> >
> > ......
> >
> > void readkmem(void *m, unsigned off, int size)
> > {
> >     int i;
> >     if (lseek(fd_kmem, off, SEEK_SET) != off) {
> >         fprintf(stderr, "Error lseek. Are you root? \n");
> >         exit(-1);
> >     }
> >     if ((i = read(fd_kmem, m, size)) != size) {
> >         fprintf(stderr, "Error read kmem, only read %d bytes\n",i);
> >         perror("read");
> >         exit(-1);
> >     }
> > }
> >
> > unsigned long get_addr_idt(void)
> > {
> >     unsigned char idtr[6];
> >     unsigned long idt;
> >     __asm__ volatile ("sidt %0":"=m" (idtr));
> >     idt = *((unsigned long *) &idtr[2]);
> >     return (idt);
> > }
> > ----------------------------------------------------------------------
> > When I run it, the output is:
> >
> > Error read kmem, only read 0 bytes
> > read: Success
> >
> >
> > I don't know why there is a read error.
>
> finding sys_call_table, system calls' addresses and patching kernel
> on-the-fly, isn't it?
Yes, Phrack 58 <http://www.phrack.org/phrack/58/p58-0x07>
\Steve