3rd-party/linux-kernel-module-cheat
1
0
Fork 0
mirror of https://github.com/cirosantilli/linux-kernel-module-cheat.git synced 2026-01-28 04:24:26 +01:00
Code Issues Releases Wiki Activity

bak

Browse Source
This commit is contained in:
Ciro Santilli
2017-10-07 07:21:40 +01:00
parent b89ba9b799
commit b3b1df5560
2 changed files with 46 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@@ -384,6 +384,15 @@ And then tell GDB where the module was loaded with:
Ctrl + C Ctrl + C
add-symbol-file ../kernel_module-1.0/fops.ko 0xfffffffa00000000 add-symbol-file ../kernel_module-1.0/fops.ko 0xfffffffa00000000
### Debug kernel early boot
TODO: why can't we break at early startup stuff such as:
./rungdb extract_kernel
./rungdb main
See also: <https://stackoverflow.com/questions/2589845/what-are-the-first-operations-that-the-linux-kernel-executes-on-boot>
## Other architectures ## Other architectures
The portability of the kernel and toolchains is amazing: change an option and most things magically work on completely different hardware. The portability of the kernel and toolchains is amazing: change an option and most things magically work on completely different hardware.
@@ -602,6 +611,29 @@ which automatically finds unstripped shared libraries on the host for us.
See also: <https://stackoverflow.com/questions/8611194/debugging-shared-libraries-with-gdbserver/45252113#45252113> See also: <https://stackoverflow.com/questions/8611194/debugging-shared-libraries-with-gdbserver/45252113#45252113>
### Debug userland process directly from QEMU
GDB breakpoints are set on virtual addresses, so you can in theory debug userland processes as well.
<https://stackoverflow.com/questions/26271901/is-it-possible-to-use-gdb-and-qemu-to-debug-linux-user-space-programs-and-kernel>
./runqemu -d -e 'init=/rand_check.out' -n
On another shell:
buildroot/output.x86_64~/host/usr/bin/x86_64-linux-readelf -h buildroot/output.x86_64~/build/kernel_module-1.0/user/rand_check.out | grep Entry
# Entry point address: 0x400560
buildroot/output.x86_64~/host/usr/bin/x86_64-linux-readelf -s buildroot/output.x86_64~/build/kernel_module-1.0/user/rand_check.out | grep -E '\bmain\b'
# 68: 0000000000400748 309 FUNC GLOBAL DEFAULT 8 main
./rungdb '*0x400748'
Alternatively, from inside GDB you can do the more succinct:
shell ../../host/usr/bin/x86_64-linux-readelf -h ../kernel_module-1.0/user/rand_check.out | grep Ent
shell ../../host/usr/bin/x86_64-linux-readelf -s ../kernel_module-1.0/user/rand_check.out | grep -E '\bmain\b'
Those steps should be fully automatable `.gdbinit` script.
## X11 ## X11
Only tested successfully in `x86_64`: Only tested successfully in `x86_64`:

19
rungdb
View File

@@ -2,13 +2,20 @@
set -e set -e
arch=x86_64 arch='x86_64'
bdfore=''
kgdb=false kgdb=false
while getopts a:k OPT; do while getopts A:a:b:k OPT; do
case "$OPT" in case "$OPT" in
a) a)
arch="$OPTARG" arch="$OPTARG"
;; ;;
A)
after="$OPTARG"
;;
b)
before="$OPTARG"
;;
k) k)
kgdb=true kgdb=true
;; ;;
@@ -17,13 +24,14 @@ done
shift "$(($OPTIND - 1))" shift "$(($OPTIND - 1))"
if [ "$#" -gt 0 ]; then if [ "$#" -gt 0 ]; then
brk="-ex 'break $1'" brk="-ex 'break $1'"
shift
else else
brk='' brk=''
fi fi
buildroot_out_dir="$(pwd)/buildroot/output.${arch}~" buildroot_out_dir="$(pwd)/buildroot/output.${arch}~"
gdb="${buildroot_out_dir}/host/usr/bin/${arch}-linux-gdb" gdb="${buildroot_out_dir}/host/usr/bin/${arch}-linux-gdb $before"
cd "${buildroot_out_dir}/build"/linux-custom/ cd "${buildroot_out_dir}/build/linux-custom/"
if "$kgdb"; then if "$kgdb"; then
cmd="$gdb \ cmd="$gdb \
-q \ -q \
@@ -48,7 +56,7 @@ else
-ex 'disconnect' \ -ex 'disconnect' \
-ex 'set arch i386:x86-64' \ -ex 'set arch i386:x86-64' \
-ex 'target remote localhost:1234' \ -ex 'target remote localhost:1234' \
-ex 'lx-symbols ../kernel_module-1.0/' -ex 'lx-symbols ../kernel_module-1.0/' \
" "
;; ;;
'arm'|'aarch64'|'mips64') 'arm'|'aarch64'|'mips64')
@@ -63,5 +71,6 @@ else
;; ;;
esac esac
fi fi
cmd="$cmd $after"
echo "$cmd" echo "$cmd"
eval "$cmd" eval "$cmd"