Last active
December 21, 2015 19:22
-
-
Save zhangyoufu/61e05c9e48d939613652 to your computer and use it in GitHub Desktop.
Linux Kernel Module Debugging using IDA w/o Debug Symbol
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| VMWare .vmx | |
| debugStub.listen.guest64 = "TRUE" | |
| debugStub.listen.guest64.remote = "TRUE" | |
| debugStub.hideBreakpoints = "TRUE" | |
| Note: IDA 64bit can only handle 64-bit long mode | |
| Ref: http://bbs.pediy.com/showthread.php?p=1285364 | |
| Manual Memory Region: | |
| 0 ~ 0xFFFFFFFE/0xFFFFFFFFFFFFFFFE | |
| Symbol: | |
| /proc/kallsyms or /boot/System.map-* | |
| for line in open(r'Z:\kallsyms'): | |
| addr, _, name = line.split() | |
| addr = int( addr, 16 ) | |
| idaapi.set_debug_name( addr, name ) | |
| MakeNameEx( addr, name, SN_NOWARN ) | |
| Breakpoint: | |
| ffffffff81002030 T do_one_initcall | |
| ffffffff81002158 call rdi | |
| ffffffff810409a0 T module_finalize | |
| rdi -> Elf_Ehdr | |
| rsi -> Elf_Shdr | |
| rdx -> struct module | |
| ffffffff813472e0 T module_bug_finalize | |
| rdi -> Elf_Ehdr | |
| rsi -> Elf_Shdr | |
| rdx -> struct module | |
| Layout: (3.8.0-19-generic) | |
| Section Headers: | |
| [Nr] Name Type Address Off Size ES Flg Lk Inf Al | |
| [ 0] NULL 0000000000000000 000000 000000 00 0 0 0 | |
| [ 1] .note.gnu.build-id NOTE FFFFFFFFA0104000 000040 000024 00 A 0 0 4 | |
| [ 2] .text PROGBITS FFFFFFFFA00FF000 000070 003fd8 00 AX 0 0 16 | |
| [ 3] .rela.text RELA FFFFC900000E8160 007160 004ec0 18 24 2 8 | |
| [ 4] .init.text PROGBITS FFFFFFFFA0009000 004048 0001d2 00 AX 0 0 1 | |
| [ 5] .rela.init.text RELA FFFFC900000ED020 00c020 000480 18 24 4 8 | |
| [ 6] .exit.text PROGBITS FFFFFFFFA0102FD8 00421a 000078 00 AX 0 0 1 | |
| [ 7] .rela.exit.text RELA FFFFC900000ED4A0 00c4a0 000108 18 24 6 8 | |
| [ 8] .rodata PROGBITS FFFFFFFFA0104040 0042a0 001000 00 A 0 0 32 | |
| [ 9] .rodata.str1.1 PROGBITS FFFFFFFFA0105040 0052a0 000016 01 AMS 0 0 1 | |
| [10] .parainstructions PROGBITS FFFFFFFFA0105058 0052b8 00005c 00 A 0 0 8 | |
| [11] .rela.parainstructions RELA FFFFC900000ED5A8 00c5a8 000090 18 24 10 8 | |
| [12] .modinfo PROGBITS FFFFC900000E6314 005314 00006e 00 A 0 0 1 | |
| [13] __mcount_loc PROGBITS FFFFFFFFA01050B8 005388 000058 00 A 0 0 8 | |
| [14] .rela__mcount_loc RELA FFFFC900000ED638 00c638 000108 18 24 13 8 | |
| [15] __versions PROGBITS FFFFC900000E63E0 0053e0 000900 00 A 0 0 32 | |
| [16] .data PROGBITS FFFFFFFFA0106000 005ce0 000028 00 WA 0 0 32 | |
| [17] .rela.data RELA FFFFC900000ED740 00c740 000018 18 24 16 8 | |
| [18] .gnu.linkonce.this_module PROGBITS FFFFFFFFA0106040 005d20 000260 00 WA 0 0 32 | |
| [19] .rela.gnu.linkonce.this_module RELA FFFFC900000ED758 00c758 000030 18 24 18 8 | |
| [20] .bss NOBITS FFFFFFFFA01062A0 005f80 000210 00 WA 0 0 32 | |
| [21] .comment PROGBITS FFFFC900000E6F80 005f80 00012d 01 MS 0 0 1 | |
| [22] .note.GNU-stack PROGBITS FFFFC900000E70AD 0060ad 000000 00 0 0 1 | |
| [23] .shstrtab STRTAB FFFFC900000E70AD 0060ad 0000f5 00 0 0 1 | |
| [24] .symtab SYMTAB FFFFFFFFA000A000 006828 000720 18 25 16 8 | |
| [25] .strtab STRTAB FFFFFFFFA000A720 006f48 000212 00 0 0 1 | |
| Section Headers: | |
| [Nr] Name Type Address Off Size ES Flg Lk Inf Al | |
| FFFFC900000E1000 000000 <- rdi: Elf64_Ehdr | |
| [12] .modinfo PROGBITS FFFFC900000E6314 005314 00006e 00 A 0 0 1 | |
| [15] __versions PROGBITS FFFFC900000E63E0 0053e0 000900 00 A 0 0 32 | |
| [21] .comment PROGBITS FFFFC900000E6F80 005f80 00012d 01 MS 0 0 1 | |
| [22] .note.GNU-stack PROGBITS FFFFC900000E70AD 0060ad 000000 00 0 0 1 | |
| [23] .shstrtab STRTAB FFFFC900000E70AD 0060ad 0000f5 00 0 0 1 | |
| FFFFC900000E71A8 0061a8 000680 <- rsi: Elf64_Shdr | |
| [ 3] .rela.text RELA FFFFC900000E8160 007160 004ec0 18 24 2 8 | |
| [ 5] .rela.init.text RELA FFFFC900000ED020 00c020 000480 18 24 4 8 | |
| [ 7] .rela.exit.text RELA FFFFC900000ED4A0 00c4a0 000108 18 24 6 8 | |
| [11] .rela.parainstructions RELA FFFFC900000ED5A8 00c5a8 000090 18 24 10 8 | |
| [14] .rela__mcount_loc RELA FFFFC900000ED638 00c638 000108 18 24 13 8 | |
| [17] .rela.data RELA FFFFC900000ED740 00c740 000018 18 24 16 8 | |
| [19] .rela.gnu.linkonce.this_module RELA FFFFC900000ED758 00c758 000030 18 24 18 8 | |
| [ 4] .init.text PROGBITS FFFFFFFFA0009000 004048 0001d2 00 AX 0 0 1 <- module->module_init | |
| [24] .symtab SYMTAB FFFFFFFFA000A000 006828 000720 18 25 16 8 | |
| [25] .strtab STRTAB FFFFFFFFA000A720 006f48 000212 00 0 0 1 | |
| [ 2] .text PROGBITS FFFFFFFFA00FF000 000070 003fd8 00 AX 0 0 16 <- module->module_core | |
| [ 6] .exit.text PROGBITS FFFFFFFFA0102FD8 00421a 000078 00 AX 0 0 1 | |
| [ 1] .note.gnu.build-id NOTE FFFFFFFFA0104000 000040 000024 00 A 0 0 4 | |
| [ 8] .rodata PROGBITS FFFFFFFFA0104040 0042a0 001000 00 A 0 0 32 | |
| [ 9] .rodata.str1.1 PROGBITS FFFFFFFFA0105040 0052a0 000016 01 AMS 0 0 1 | |
| [10] .parainstructions PROGBITS FFFFFFFFA0105058 0052b8 00005c 00 A 0 0 8 | |
| [13] __mcount_loc PROGBITS FFFFFFFFA01050B8 005388 000058 00 A 0 0 8 | |
| [16] .data PROGBITS FFFFFFFFA0106000 005ce0 000028 00 WA 0 0 32 | |
| [18] .gnu.linkonce.this_module PROGBITS FFFFFFFFA0106040 005d20 000260 00 WA 0 0 32 <- rdx: struct module | |
| [20] .bss NOBITS FFFFFFFFA01062A0 005f80 000210 00 WA 0 0 32 | |
| Rebase is too hard, don't do that |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment