2005-04-18 06:20:58

by Allison

Subject: Kernel page table and module text

Hi,

Since module is loaded in non-contiguous memory, there has to be an
entry in the kernel page table for all modules that are loaded on the
system. I am trying to find entries corresponding to my module text in
the page tables.

I am not clear about how the kernel page table is organized after the
system switches to protected mode.

I printed out the page starting with swapper_pg_dir . But I do not
find the addresses for all the modules loaded in the system.

Do I still need to read the pg0 and pg1 pages ?

If somebody can explain how to traverse the kernel page tables, that
would be very helpful.

thanks,
Allison


2005-04-18 06:31:54

by Chris Wedgwood

Subject: Re: Kernel page table and module text

On Mon, Apr 18, 2005 at 02:20:51AM -0400, Allison wrote:

> If somebody can explain how to traverse the kernel page tables, that
> would be very helpful.

It might help if you explained what you are trying to do...

2005-04-18 16:17:35

by Aleksey Gorelov

Subject: RE: Kernel page table and module text

>-----Original Message-----
>From: [email protected]
>[mailto:[email protected]] On Behalf Of Allison
>Sent: Sunday, April 17, 2005 11:21 PM
>To: [email protected]
>Subject: Kernel page table and module text
>
>Hi,
>
>Since module is loaded in non-contiguous memory, there has to be an
>entry in the kernel page table for all modules that are loaded on the
>system. I am trying to find entries corresponding to my module text in
>the page tables.
>
>I am not clear about how the kernel page table is organized after the
>system switches to protected mode.
>
>I printed out the page starting with swapper_pg_dir . But I do not
>find the addresses for all the modules loaded in the system.
>
>Do I still need to read the pg0 and pg1 pages ?
>
>If somebody can explain how to traverse the kernel page tables, that
>would be very helpful.
>
>thanks,
>Allison

You can find some details here:
http://www.csn.ul.ie/~mel/projects/vm/guide/pdf/understand.pdf

But whatever your purpose is, I doubt you would want to use PTEs.

Aleks.

2005-04-19 19:09:50

by Allison

Subject: Re: Kernel page table and module text

I want to do the following.

I want to find where each module is loaded in memory by traversing the
module list. Once I have the address and the size of the module, I
want to read the bytes in memory of the module and hash it to check
its integrity.

How do I,
1. Traverse the module list and find its address
2. Read the kernel page table to find the physical address of the
module location

thanks,
Allison


Allison wrote:
> Hi,
>
> Since module is loaded in non-contiguous memory, there has to be an
> entry in the kernel page table for all modules that are loaded on the
> system. I am trying to find entries corresponding to my module text in
> the page tables.
>
> I am not clear about how the kernel page table is organized after the
> system switches to protected mode.
>
> I printed out the page starting with swapper_pg_dir . But I do not
> find the addresses for all the modules loaded in the system.
>
> Do I still need to read the pg0 and pg1 pages ?
>
> If somebody can explain how to traverse the kernel page tables, that
> would be very helpful.
>
> thanks,
> Allison

2005-04-20 00:16:43

by Dave Airlie

Subject: Re: Kernel page table and module text

> I want to find where each module is loaded in memory by traversing the
> module list. Once I have the address and the size of the module, I
> want to read the bytes in memory of the module and hash it to check
> its integrity.
>

Here's some code I wrote for Stargames to do a CRC tracking of every
module loaded, it may have a race condition on module unload, but it
works perfectly for what they want to use it for....

It just runs a kthread doing the CRCing of the kernel text and modules
every so often...

I also have similar code to do the same for shared objects loaded in
userspace, but it requires a daemon in userspace to do the CRCing whose
license I'm not entirely sure of..

Dave.


Attachments:
(No filename) (697.00 B)
mytest.diff (17.89 kB)

2005-04-20 17:41:36

by Bodo Eggert

Subject: Re: Kernel page table and module text

Allison <[email protected]> wrote:

> I want to find where each module is loaded in memory by traversing the
> module list. Once I have the address and the size of the module, I
> want to read the bytes in memory of the module and hash it to check
> its integrity.

JFTR: This may work against random memory corruption, but it will fail for
detecting attacks.
--
Top 100 things you don't want the sysadmin to say:
54. Uh huh......"nu -k $USER".. no problem....sure thing...

2005-04-21 00:54:41

by Dave Airlie

Subject: Re: Kernel page table and module text

>
> > I want to find where each module is loaded in memory by traversing the
> > module list. Once I have the address and the size of the module, I
> > want to read the bytes in memory of the module and hash it to check
> > its integrity.
>
> JFTR: This may work against random memory corruption, but it will fail for
> detecting attacks.

That's all I use my code for, dumb government regulation says you have
to check for random memory corruption in text segments.. written back
in the old 8-bit controller + EEPROM days ...

Dave.
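
The page-table walk asked about earlier in this thread, combined with a CRC over a module-sized range, modelled in user space as an added example (not code from any poster, from the attachment, or from the kernel). It assumes the i386 non-PAE 10/10/12 address split with 4 KiB pages only (PSE 4 MiB mappings are not modelled); `MOD_BASE`, the frame numbers, the fill bytes and all function names are constructed for illustration.

```c
/* Added example: user-space model of the i386 non-PAE two-level page walk; all data constructed. */
#include <stdint.h>
#include <string.h>
#define PAGE_SIZE 4096u
#define NFRAMES   8u
#define PRESENT   0x1u
#define MOD_BASE  0xF8800000u                    /* constructed vmalloc-area address */

static uint32_t phys[NFRAMES][1024];             /* toy physical memory */
static const uint32_t mod_frames[3] = {5, 2, 7}; /* physically scattered on purpose */

void build_demo(void) {
    memset(phys, 0, sizeof phys);
    phys[0][MOD_BASE >> 22] = (1u << 12) | PRESENT;          /* PDE -> table in frame 1 */
    for (uint32_t i = 0; i < 3; i++) {
        phys[1][i] = (mod_frames[i] << 12) | PRESENT;        /* PTE -> data frame */
        memset(phys[mod_frames[i]], 0x90 + (int)i, PAGE_SIZE);
    }
}

/* Frame 0 stands in for swapper_pg_dir. Returns -1 when the address is unmapped. */
int64_t virt_to_phys(uint32_t va) {
    uint32_t pde = phys[0][va >> 22];                        /* top 10 bits */
    if (!(pde & PRESENT) || (pde >> 12) >= NFRAMES) return -1;
    uint32_t pte = phys[pde >> 12][(va >> 12) & 0x3ffu];     /* middle 10 bits */
    if (!(pte & PRESENT) || (pte >> 12) >= NFRAMES) return -1;
    return (int64_t)((pte & ~0xfffu) | (va & 0xfffu));       /* frame base + offset */
}

uint32_t crc32_update(uint32_t crc, const uint8_t *p, size_t n) {
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc;
}

/* CRC a virtually contiguous range page by page. Returns 0, or -1 on an unmapped page. */
int crc_virt_range(uint32_t va, uint32_t len, uint32_t *out) {
    uint32_t crc = 0xFFFFFFFFu;
    while (len) {
        int64_t pa = virt_to_phys(va);
        uint32_t chunk = PAGE_SIZE - (va & 0xfffu);
        if (pa < 0) return -1;
        if (chunk > len) chunk = len;
        crc = crc32_update(crc, (const uint8_t *)phys + pa, chunk);
        va += chunk; len -= chunk;
    }
    *out = ~crc;
    return 0;
}
```

The range is contiguous only in virtual addresses; each page is translated separately because the backing frames (5, 2, 7 here) are not adjacent.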